Oval Definition:	oval:org.mitre.oval:def:18630
Revision Date: 2014-02-24 Version: 25 Title: Windows USB Descriptor Vulnerability (CVE-2013-3200) - MS13-081 Description: The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2013-3200 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Product(s): Definition Synopsis xp sp3/version Microsoft Windows XP (x86) SP3 is installed AND either file versions Check if the version of usbd.sys is less than 5.1.2600.6437 OR Check if the version of Hidparse.sys is less than 5.1.2600.6418 OR win xp/server 2003/versions xp/server 2003 Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Windows Server 2003 (ia64) SP2 is installed OR Microsoft Windows Server 2003 SP2 (x86) is installed OR Microsoft Windows Server 2003 SP2 (x64) is installed AND either file versions Check if the version of usbd.sys is less than 5.2.3790.5203 OR Check if the version of Hidparse.sys is less than 5.2.3790.5189 OR vista/2008/version vista/2008 Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND either file versions gdr/ldr Check if the version of usbd.sys is less than 6.0.6002.18875 OR ldr range Check if the version of usbd.sys is less than 6.0.6002.23147 AND check if the version of usbd.sys is greater than or equal to 6.0.6002.23000 OR gdr/ldr Check if the version of Hidparse.sys is less than 6.0.6002.18878 OR ldr range Check if the version of Hidparse.sys is less than 6.0.6002.23150 AND Check if the version of Hidparse.sys is greater than or equal to 6.0.6002.23000 OR gdr/ldr Check if the version of Usbcir.sys is less than 6.0.6002.18887 OR ldr range Check if the version of Usbcir.sys is less than 6.0.6002.23160 AND Check if the version of Usbcir.sys is greater than or equal to 6.0.6002.23000 OR win 7/2008 r2/versions win/2008 r2 Microsoft Windows 7 (32-bit) Service Pack 1 is installed OR Microsoft Windows 7 x64 Service Pack 1 is installed OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND either file versions gdr/ldr Check if the version of usbd.sys is less than 6.1.7601.18328 OR ldr range Check if the version of usbd.sys is less than 6.1.7601.22526 AND Check if the version of usbd.sys is greater than or equal to 6.1.7601.22000 OR gdr/ldr Check if the version of Hidparse.sys is less than 6.1.7601.18199 OR ldr range Check if the version of Hidparse.sys is less than 6.1.7601.22374 AND Check if the version of Hidparse.sys is greater than or equal to 6.1.7601.22000 OR gdr/ldr Check if the version of Usbcir.sys is less than 6.1.7601.18208 OR ldr range Check if the version of Usbcir.sys is less than 6.1.7601.22382 AND Check if the version of Usbcir.sys is greater than or equal to 6.1.7601.22000 OR win 8/server 2012 win 8/server 2012 Microsoft Windows 8 (x86) is installed OR Microsoft Windows 8 (x64) is installed OR Microsoft Windows Server 2012 (64-bit) is installed AND either file versions gdr/ldr Check if the version of Hidparse.sys is less than 6.2.9200.16654 OR ldr range Check if the version of Hidparse.sys is less than 6.2.9200.20763 AND Check if the version of Hidparse.sys is greater than or equal to 6.2.9200.20000 OR gdr/ldr Check if the version of usbd.sys is less than 6.2.9200.16654 OR ldr range Check if the version of usbd.sys is less than 6.2.9200.20761 AND Check if the version of usbd.sys is greater than or equal to 6.2.9200.20000 OR gdr/ldr Check if the version of Usbxhci.sys is less than 6.2.9200.16654 OR ldr range Check if the version of Usbxhci.sys is less than 6.2.9200.20763 AND Check if the version of Usbxhci.sys is greater than or equal to 6.2.9200.20000 OR Check if the version of Wdfldr.sys is less than 1.11.9200.16648 OR win 8/server 2012 x64 win 8/server 2012 Microsoft Windows 8 (x64) is installed OR Microsoft Windows Server 2012 (64-bit) is installed AND gdr/ldr Check if the version of Usbcir.sys is less than 6.2.9200.16658 OR ldr range Check if the version of Usbcir.sys is less than 6.2.9200.20772 AND Check if the version of Usbcir.sys is greater than or equal to 6.2.9200.20000 OR win 8 x86 Microsoft Windows 8 (x86) is installed AND gdr/ldr Check if the version of Usbcir.sys is less than 6.2.9200.16659 OR ldr range Check if the version of Usbcir.sys is less than 6.2.9200.20772 AND Check if the version of Usbcir.sys is greater than or equal to 6.2.9200.20000 OR vista/2008//win7/2008 r2 (32/64)/version vista/2008/win7/2008 r2 (32/64) Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows 7 (32-bit) Service Pack 1 is installed OR Microsoft Windows 7 x64 Service Pack 1 is installed OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed AND Check if the version of Wdfldr.sys is less than 1.11.9200.16384 OR server 2008 ia-64/version 2008/r2 Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND Check if the version of Wdfldr.sys is less than 1.9.7600.16385
BACK