Integer Overflow Vulnerability in Microsoft Windows Products
CVE-2013-3195

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2008; Windows Rt; Windows Xp; Windows 8
Vendor: CVE Published:; 9 October 2013

Summary

The Comctl32.dll library is susceptible to an integer overflow vulnerability that occurs due to improper memory allocation in its DSA_InsertItem function. This weakness allows remote attackers to exploit a crafted argument sent to an ASP.NET web application, potentially leading to arbitrary code execution. The flaw affects multiple versions of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, and several server editions.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/ncas/alerts/TA13-288A

third-party-advisoryx_refsource_CERT

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 9, 2013
Vulnerability Reserved
Apr 17, 2013