Integer Overflow Vulnerability in Microsoft Windows GDI
CVE-2013-3940

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows Rt
Vendor: CVE Published:; 13 November 2013

Summary

The vulnerability in the Graphics Device Interface (GDI) of various Microsoft Windows versions allows attackers to exploit integer overflow issues. When a specially crafted image is processed within a Windows Write (.wri) document, it can lead to memory corruption. This flaw not only enables attackers to execute arbitrary code remotely but also poses risks of causing a denial of service by crashing the affected application.

References

http://www.us-cert.gov/ncas/alerts/TA13-317A

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 13, 2013
Vulnerability Reserved
Jun 4, 2013