Published: 09/10/2013 Updated: 07/12/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Windows Server 2008

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote malicious users to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows server 2008
microsoft windows rt -
microsoft windows xp -
microsoft windows 8 -
microsoft windows 7
microsoft windows server 2003
microsoft windows vista
microsoft windows server 2012 -

Microsoft Updates October 2013

Securelist • Kurt Baumgartner • 08 Oct 2013

Microsoft’s 2013 Treehouse of Horror Bulletins include a long list of fixes for memory corruption vulnerabilities effecting mostly previous versions of the software, and not the latest versions. Of immediate interest to most Windows users are the critical vulnerabilities being patched in Internet Explorer, multiple Windows drivers, and the .Net Framework which even effects the latest versions of Windows 8 and Windows Server 2012. Systems administrators at organizations also may pay immediate a...

CVE-2013-3195

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect