Integer Overflow Vulnerability in Microsoft Windows Products
CVE-2013-3195

Currently unrated

Key Information:

Vendor
Microsoft
Vendor
CVE Published:
9 October 2013

Summary

The Comctl32.dll library is susceptible to an integer overflow vulnerability that occurs due to improper memory allocation in its DSA_InsertItem function. This weakness allows remote attackers to exploit a crafted argument sent to an ASP.NET web application, potentially leading to arbitrary code execution. The flaw affects multiple versions of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, and several server editions.

References

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.