SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came across a PDF file that exploited two different vulnerabilities: a remote-code-execution vulnerability in Adobe Reader and a new escalation-of-privileges vulnerability in the Windows kernel.
Just recently we confirmed that the new escalation-of-privileges zero-day (CVE-2013-5065) has been delivered in the wild using CVE-2013-3346 as a container. Our goal in this blog post is to raise public awareness by describing the technical details behind this recent kernel zero-day. We've tested the zero-day on Windows XP and Server 2003 only.