Executive Summary
Summary | |
---|---|
Title | Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883) |
Informations | |||
---|---|---|---|
Name | MS13-057 | First vendor Publication | 2013-07-09 |
Vendor | Microsoft | Last vendor Modification | 2013-08-27 |
Severity (Vendor) | Critical | Revision | 3.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates. See the Update FAQ for more information. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-057 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16998 | |||
Oval ID: | oval:org.mitre.oval:def:16998 | ||
Title: | WMV Video Decoder remote code execution vulnerability - MS13-057 | ||
Description: | The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3127 | Version: | 15 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 Windows Media Format Runtime 11 Windows Media Player 12 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 2 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-07-11 | IAVM : 2013-B-0072 - Microsoft Windows Media Format Runtime Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0039212 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-10 | Name : The remote Windows host is potentially affected by a remote code execution vu... File : smb_nt_ms13-057.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:47:43 |
|
2013-11-11 12:41:34 |
|
2013-08-27 21:15:58 |
|
2013-08-13 21:20:24 |
|
2013-07-10 21:22:28 |
|
2013-07-10 13:22:55 |
|
2013-07-09 21:16:30 |
|