CVE-2013-5065

ENISA EUVD: EUVD-2013-4907 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 2 articles Published: 2013-11-27
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24
72.98%
probability
This CVE has a 72.98% probability of being exploited in the next 30 days.
0% Top 98.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

7.2
HIGH
Access Vector
Local
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

Affected Products

n/a
n/a

Exploits & PoC

Signal Intelligence

Confidence
75%
EPSS 72.98%
CVSS v3.1 7.8
Mentions 2

CNA Information

CNA Assigner
microsoft

Analyst Note

CVE-2013-5065 is explicitly named as a zero-day vulnerability in multiple sources (TheHackerNews articles reference 'zero-day' and 'discovered'). FireEye researchers documented in-the-wild exploitation via corrupted TIFF images used in targeted attacks. Microsoft released a security patch on Patch Tuesday, with exploitation occurring prior to or concurrent with patch availability. However, confidence is not higher due to limited source material (only 2 articles) and lack of explicit timing confirmation between discovery and patch release.

Threat Actors 2

Turla Group
apt_group Information theft and espionage Russian Federation
CHRYSENE
apt_group Information theft and espionage 🇮🇷 IR

Triage Info

Decided atMar 20, 2026
Published DateNov 27, 2013