Integer Overflow Vulnerability in Microsoft Windows Products
CVE-2013-3195
Currently unrated
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 9 October 2013
Summary
The Comctl32.dll library is susceptible to an integer overflow vulnerability that occurs due to improper memory allocation in its DSA_InsertItem function. This weakness allows remote attackers to exploit a crafted argument sent to an ASP.NET web application, potentially leading to arbitrary code execution. The flaw affects multiple versions of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, and several server editions.
References
EPSS Score
48% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved