CVE-2013-0013 vulnerability in Microsoft Products
Published on January 9, 2013

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."

Vendor Advisory NVD

Products Associated with CVE-2013-0013

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Windows Server 2008

Microsoft Windows Rt

Microsoft Windows 8

Microsoft Windows 7

Microsoft Windows Vista

Microsoft Windows Server 2012

Exploit Probability

EPSS

15.83%

Percentile

94.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-0013 vulnerability in Microsoft ProductsPublished on January 9, 2013

Products Associated with CVE-2013-0013

Exploit Probability

CVE-2013-0013 vulnerability in Microsoft Products
Published on January 9, 2013