InformationCardSigninHelper ActiveX Control Vulnerability in Microsoft Windows
CVE-2013-3918

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows Rt
Vendor: CVE Published:; 12 November 2013

Badges

👾 Exploit Exists🟣 EPSS 87%🦅 CISA Reported

What is CVE-2013-3918?

The InformationCardSigninHelper ActiveX control in the icardie.dll file poses a serious security risk across multiple versions of Microsoft Windows platforms. This vulnerability allows remote attackers to execute arbitrary code or trigger a denial of service condition by persuading users to access a specially crafted web page through Internet Explorer. Discovered to be actively exploited in the wild since November 2013, this issue affects users running outdated or unpatched systems, emphasizing the importance of regular updates and security measures.

CISA has reported CVE-2013-3918

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2013-3918 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.