cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_7:-:-:x86 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_8:-:-:x64 cpe:/o:microsoft:windows_8:-:-:x86 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64 CVE-2013-1285 2013-03-12T20:55:01.417-04:00 2017-09-18T21:36:01.340-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2013-03-16T11:42:00.000-04:00 IAVM IAVM:2013-A-0063 MS MS13-027 CERT TA13-071A The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.