Executive Summary

Information
Name: TA13-043B
First vendor Publication: 2013-02-12
Vendor: US-CERT
Last vendor Modification: 2013-02-12
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for February 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA13-043B.html

CWE : Common Weakness Enumeration

% Id Name
62 % CWE-362 Race Condition
29 % CWE-399 Resource Management Errors
4 % CWE-264 Permissions, Privileges, and Access Controls
2 % CWE-200 Information Exposure
2 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15524
 
Oval ID: oval:org.mitre.oval:def:15524
Title: Win32k Race Condition Vulnerability CVE-2013-1254 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1254
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15873
 
Oval ID: oval:org.mitre.oval:def:15873
Title: Media Decompression Vulnerability - MS13-011
Description: Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0077
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15875
 
Oval ID: oval:org.mitre.oval:def:15875
Title: Internet Explorer CMarkup use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0020
Version: 5
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15911
 
Oval ID: oval:org.mitre.oval:def:15911
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3217
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15967
 
Oval ID: oval:org.mitre.oval:def:15967
Title: Win32k Race Condition Vulnerability CVE-2013-1268 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1268
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15999
 
Oval ID: oval:org.mitre.oval:def:15999
Title: Win32k Race Condition Vulnerability CVE-2013-1266 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1266
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16069
 
Oval ID: oval:org.mitre.oval:def:16069
Title: Internet Explorer LsGetTrailInfo use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0022
Version: 5
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16080
 
Oval ID: oval:org.mitre.oval:def:16080
Title: Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3217 (MS13-013)
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3217
Version: 3
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16122
 
Oval ID: oval:org.mitre.oval:def:16122
Title: Win32k Race Condition Vulnerability CVE-2013-1253 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1253
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16126
 
Oval ID: oval:org.mitre.oval:def:16126
Title: Internet Explorer pasteHTML use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0024
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16142
 
Oval ID: oval:org.mitre.oval:def:16142
Title: Win32k Race Condition Vulnerability CVE-2013-1250 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1250
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16175
 
Oval ID: oval:org.mitre.oval:def:16175
Title: VML memory corruption vulnerability in Internet Explorer - MS13-010
Description: The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0030
Version: 8
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16176
 
Oval ID: oval:org.mitre.oval:def:16176
Title: Win32k Race Condition Vulnerability CVE-2013-1257 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1257
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16178
 
Oval ID: oval:org.mitre.oval:def:16178
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3214
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16202
 
Oval ID: oval:org.mitre.oval:def:16202
Title: Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0393 - MS13-012
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0393
Version: 3
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16224
 
Oval ID: oval:org.mitre.oval:def:16224
Title: Win32k Race Condition Vulnerability CVE-2013-1274 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1274
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16244
 
Oval ID: oval:org.mitre.oval:def:16244
Title: Win32k Race Condition Vulnerability CVE-2013-1262 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1262
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16245
 
Oval ID: oval:org.mitre.oval:def:16245
Title: Internet Explorer CHTML use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0029
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16249
 
Oval ID: oval:org.mitre.oval:def:16249
Title: Internet Explorer CObjectElement use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0028
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16251
 
Oval ID: oval:org.mitre.oval:def:16251
Title: Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0418
Version: 4
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16256
 
Oval ID: oval:org.mitre.oval:def:16256
Title: Win32k Race Condition Vulnerability CVE-2013-1277 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1277
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16284
 
Oval ID: oval:org.mitre.oval:def:16284
Title: Win32k Race Condition Vulnerability CVE-2013-1261 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1261
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16294
 
Oval ID: oval:org.mitre.oval:def:16294
Title: Internet Explorer SLayoutRun use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0025
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16301
 
Oval ID: oval:org.mitre.oval:def:16301
Title: Win32k Race Condition Vulnerability CVE-2013-1260 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1260
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16313
 
Oval ID: oval:org.mitre.oval:def:16313
Title: Vulnerability in Windows Kernel could allow elevation of privilege - MS13-017
Description: Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1278
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16320
 
Oval ID: oval:org.mitre.oval:def:16320
Title: Win32k Race Condition Vulnerability CVE-2013-1249 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1249
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16342
 
Oval ID: oval:org.mitre.oval:def:16342
Title: Win32k Race Condition Vulnerability CVE-2013-1263 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1263
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16344
 
Oval ID: oval:org.mitre.oval:def:16344
Title: Win32k Race Condition Vulnerability CVE-2013-1259 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1259
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16349
 
Oval ID: oval:org.mitre.oval:def:16349
Title: Win32k Race Condition Vulnerability CVE-2013-1270 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1270
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16360
 
Oval ID: oval:org.mitre.oval:def:16360
Title: Internet Explorer CPasteCommand use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0027
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16371
 
Oval ID: oval:org.mitre.oval:def:16371
Title: Shift JIS character encoding vulnerability - MS13-009
Description: Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0015
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16373
 
Oval ID: oval:org.mitre.oval:def:16373
Title: TCP FIN WAIT Vulnerability - MS13-018
Description: The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0075
Version: 4
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16374
 
Oval ID: oval:org.mitre.oval:def:16374
Title: Win32k Race Condition Vulnerability CVE-2013-1269 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1269
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16379
 
Oval ID: oval:org.mitre.oval:def:16379
Title: Win32k Race Condition Vulnerability CVE-2013-1264 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1264
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16385
 
Oval ID: oval:org.mitre.oval:def:16385
Title: Microsoft OLE Automation Remote Code Execution Vulnerability - MS13-020
Description: Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1313
Version: 6
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16388
 
Oval ID: oval:org.mitre.oval:def:16388
Title: Microsoft NFS Server Denial Of Service Vulnerability - MS13-014
Description: The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1281
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16399
 
Oval ID: oval:org.mitre.oval:def:16399
Title: Win32k Race Condition Vulnerability CVE-2013-1275 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1275
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16408
 
Oval ID: oval:org.mitre.oval:def:16408
Title: Win32k Race Condition Vulnerability CVE-2013-1251 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1251
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16412
 
Oval ID: oval:org.mitre.oval:def:16412
Title: Win32k Race Condition Vulnerability CVE-2013-1267 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1267
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16431
 
Oval ID: oval:org.mitre.oval:def:16431
Title: Win32k Race Condition Vulnerability CVE-2013-1248 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1248
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16432
 
Oval ID: oval:org.mitre.oval:def:16432
Title: Win32k Race Condition Vulnerability CVE-2013-1276 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1276
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16436
 
Oval ID: oval:org.mitre.oval:def:16436
Title: Win32k Race Condition Vulnerability CVE-2013-1256 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1256
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16438
 
Oval ID: oval:org.mitre.oval:def:16438
Title: Internet Explorer SetCapture use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0018
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16443
 
Oval ID: oval:org.mitre.oval:def:16443
Title: Win32k Race Condition Vulnerability CVE-2013-1272 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1272
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16448
 
Oval ID: oval:org.mitre.oval:def:16448
Title: Vulnerability in Windows Kernel could allow elevation of privilege - MS13-017
Description: The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1280
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16458
 
Oval ID: oval:org.mitre.oval:def:16458
Title: Vulnerability in Windows Kernel could allow elevation of privilege - MS13-017
Description: Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1279
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16460
 
Oval ID: oval:org.mitre.oval:def:16460
Title: Win32k Race Condition Vulnerability CVE-2013-1271 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1271
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16465
 
Oval ID: oval:org.mitre.oval:def:16465
Title: Internet Explorer COmWindowProxy use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0019
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16470
 
Oval ID: oval:org.mitre.oval:def:16470
Title: Internet Explorer CDispNode use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0023
Version: 5
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16472
 
Oval ID: oval:org.mitre.oval:def:16472
Title: Internet Explorer InsertElement use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0026
Version: 5
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16474
 
Oval ID: oval:org.mitre.oval:def:16474
Title: Win32k Race Condition Vulnerability CVE-2013-1258 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1258
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16475
 
Oval ID: oval:org.mitre.oval:def:16475
Title: WinForms callback elevation vulnerability in .NET Framework - MS13-015
Description: The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0073
Version: 7
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16478
 
Oval ID: oval:org.mitre.oval:def:16478
Title: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) could allow elevation of privilege - MS13-019
Description: The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0076
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16480
 
Oval ID: oval:org.mitre.oval:def:16480
Title: Win32k Race Condition Vulnerability CVE-2013-1252 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1252
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16483
 
Oval ID: oval:org.mitre.oval:def:16483
Title: Internet Explorer vtable use after free vulnerability - MS13-009
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0021
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16490
 
Oval ID: oval:org.mitre.oval:def:16490
Title: Win32k Race Condition Vulnerability CVE-2013-1273 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1273
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16500
 
Oval ID: oval:org.mitre.oval:def:16500
Title: Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013)
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3214
Version: 3
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16501
 
Oval ID: oval:org.mitre.oval:def:16501
Title: Win32k Race Condition Vulnerability CVE-2013-1255 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1255
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16510
 
Oval ID: oval:org.mitre.oval:def:16510
Title: Win32k Race Condition Vulnerability CVE-2013-1265 - MS13-016
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1265
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 5
Application 2
Application 5
Application 2
Os 5
Os 2
Os 1
Os 1
Os 11
Os 1
Os 1
Os 2

SAINT Exploits

Description Link
Internet Explorer SLayoutRun CParaElement Node Use After Free More info here

OpenVAS Exploits

Date Description
2012-12-12 Name : MS Exchange Server Remote Code Execution Vulnerabilities (2784126)
File : nvt/secpod_ms12-080.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-02-14 IAVM : 2013-A-0041 - Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Privilege Escalati...
Severity : Category II - VMSKEY : V0036821
2013-02-14 IAVM : 2013-A-0040 - Microsoft .NET Framework Privilege Escalation Vulnerability
Severity : Category I - VMSKEY : V0036822
2013-02-14 IAVM : 2013-A-0042 - Microsoft Windows Media Decompression Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0036827
2013-02-14 IAVM : 2013-B-0013 - Microsoft NFS Server Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0036830
2013-02-14 IAVM : 2013-A-0044 - Multiple Vulnerabilities in FAST Search Server 2010 for Microsoft SharePoint
Severity : Category II - VMSKEY : V0036831

Snort® IPS/IDS

Date Description
2019-04-18 Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt
RuleID : 49496 - Revision : 1 - Type : FILE-OFFICE
2019-04-18 Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt
RuleID : 49494 - Revision : 1 - Type : FILE-OFFICE
2018-09-11 Microsoft Internet Explorer pre-line use after free attempt
RuleID : 47463 - Revision : 2 - Type : BROWSER-IE
2017-06-06 Microsoft Internet Explorer deleted object access memory corruption attempt
RuleID : 42450 - Revision : 2 - Type : BROWSER-IE
2017-06-06 Microsoft Internet Explorer deleted object access memory corruption attempt
RuleID : 42449 - Revision : 2 - Type : BROWSER-IE
2017-06-06 Microsoft Internet Explorer deleted object access memory corruption attempt
RuleID : 42448 - Revision : 2 - Type : BROWSER-IE
2016-10-11 Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt
RuleID : 40065 - Revision : 4 - Type : OS-WINDOWS
2016-10-11 Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt
RuleID : 40064 - Revision : 2 - Type : OS-WINDOWS
2016-03-14 Microsoft Internet Explorer pre-line use after free attempt
RuleID : 36436 - Revision : 2 - Type : BROWSER-IE
2015-05-21 Oracle Outside In Paradox database denial of service attempt
RuleID : 34160 - Revision : 3 - Type : SERVER-OTHER
2015-05-21 Oracle CorelDRAW file parser heap buffer overflow attempt
RuleID : 34142 - Revision : 3 - Type : SERVER-OTHER
2015-05-21 Oracle CorelDRAW file parser heap buffer overflow attempt
RuleID : 34141 - Revision : 3 - Type : SERVER-OTHER
2014-11-16 Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre...
RuleID : 31486 - Revision : 2 - Type : BROWSER-IE
2014-11-16 Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre...
RuleID : 31485 - Revision : 2 - Type : BROWSER-IE
2014-05-03 Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre...
RuleID : 30345 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 9 deleted object access memory corruption attempt
RuleID : 27717 - Revision : 2 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 9 deleted object access memory corruption attempt
RuleID : 27716 - Revision : 2 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26225 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26224 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26223 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26222 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26221 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26220 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26219 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26218 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26217 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 26216 - Revision : 3 - Type : BROWSER-IE
2014-01-10 TCP FIN sent to client
RuleID : 25970 - Revision : 3 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows DirectShow MPEG heap overflow attempt
RuleID : 25796 - Revision : 3 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows DirectShow MPEG heap overflow attempt
RuleID : 25795 - Revision : 3 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Internet Explorer invalid Shift_JIS character xss attempt
RuleID : 25794 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer invalid Shift_JIS character xss attempt
RuleID : 25793 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer SVG object use after free attempt
RuleID : 25792 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer compatibility mode invalid memory access attempt
RuleID : 25791 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer compatibility mode invalid memory access attempt
RuleID : 25790 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer iframe use after free attempt
RuleID : 25789 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer iframe use after free attempt
RuleID : 25788 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 9 deleted object access memory corruption attempt
RuleID : 25787 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 9 deleted object access memory corruption attempt
RuleID : 25786 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer text layout calculation use after free attempt
RuleID : 25785 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer text layout calculation use after free attempt
RuleID : 25784 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer SVG use after free attempt
RuleID : 25778 - Revision : 5 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CTreePos use after free memory corruption attempt
RuleID : 25777 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CTreePos use after free memory corruption attempt
RuleID : 25776 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer pre-line use after free attempt
RuleID : 25775 - Revision : 6 - Type : BROWSER-IE
2014-01-10 TCP FIN handshake resource exhaustion attempt
RuleID : 25774 - Revision : 4 - Type : OS-WINDOWS
2014-01-10 Microsoft Internet Explorer VML shape object malformed path attempt
RuleID : 25773 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre...
RuleID : 25772 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer custom cursor file use after free attempt
RuleID : 25771 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted object access memory corruption attempt
RuleID : 25770 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CHTMLEditor object use after free attempt
RuleID : 25769 - Revision : 5 - Type : BROWSER-IE
2014-01-10 Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt
RuleID : 24006 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code exec...
RuleID : 23845 - Revision : 8 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt
RuleID : 23844 - Revision : 14 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2013-02-12 Name : The remote host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-009.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms13-010.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Windows host is potentially affected by a code execution vulnerabi...
File : smb_nt_ms13-011.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote mail server has multiple vulnerabilities.
File : smb_nt_ms13-012.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Windows host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-013.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Windows host is potentially affected by a denial of service vulner...
File : smb_nt_ms13-014.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The version of the .NET Framework installed on the remote host is affected by...
File : smb_nt_ms13-015.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The Windows kernel on the remote host is affected by multiple race condition ...
File : smb_nt_ms13-016.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The Windows kernel on the remote host is affected by multiple vulnerabilities.
File : smb_nt_ms13-017.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Windows host is affected by a denial of service vulnerability.
File : smb_nt_ms13-018.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Windows host has a privilege escalation vulnerability.
File : smb_nt_ms13-019.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Windows host is affected by a remote code execution vulnerability.
File : smb_nt_ms13-020.nasl - Type : ACT_GATHER_INFO
2012-12-11 Name : The remote mail server has multiple vulnerabilities.
File : smb_nt_ms12-080.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2013-10-11 13:31:25
  • Multiple Updates
2013-10-10 13:24:16
  • Multiple Updates
2013-07-20 13:22:30
  • Multiple Updates
2013-02-13 17:19:05
  • First insertion