Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | TA13-168A | First vendor Publication | 2013-06-17 |
| Vendor | US-CERT | Last vendor Modification | 2013-06-18 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. DescriptionThe Microsoft Security Bulletin Summary for June 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities. ImpactThese vulnerabilities could allow remote code execution, information disclosure, denial of service, or elevation of privilege. SolutionApply Updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for June 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA13-168A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 82 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 9 % | CWE-399 | Resource Management Errors |
| 5 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 5 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15981 | |||
| Oval ID: | oval:org.mitre.oval:def:15981 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3141) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3141 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16352 | |||
| Oval ID: | oval:org.mitre.oval:def:16352 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3122) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3122 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16393 | |||
| Oval ID: | oval:org.mitre.oval:def:16393 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3117) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3117 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16477 | |||
| Oval ID: | oval:org.mitre.oval:def:16477 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3112) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3112 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16507 | |||
| Oval ID: | oval:org.mitre.oval:def:16507 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3110) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3110 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16517 | |||
| Oval ID: | oval:org.mitre.oval:def:16517 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3139) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3139 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16655 | |||
| Oval ID: | oval:org.mitre.oval:def:16655 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3123) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3123 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16704 | |||
| Oval ID: | oval:org.mitre.oval:def:16704 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3142) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3142 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16708 | |||
| Oval ID: | oval:org.mitre.oval:def:16708 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3111) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3111 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16713 | |||
| Oval ID: | oval:org.mitre.oval:def:16713 | ||
| Title: | Vulnerability in Microsoft Office could allow remote code execution - MS13-051 (Mac OS X) | ||
| Description: | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | ||
| Family: | macos | Class: | vulnerability |
| Reference(s): | CVE-2013-1331 | Version: | 3 |
| Platform(s): | Apple Mac OS X Apple Mac OS X Server | Product(s): | Microsoft Office 2011 for Mac |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16720 | |||
| Oval ID: | oval:org.mitre.oval:def:16720 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3124) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3124 | Version: | 6 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16732 | |||
| Oval ID: | oval:org.mitre.oval:def:16732 | ||
| Title: | Vulnerability in Microsoft Office could allow remote code execution - MS13-051 | ||
| Description: | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1331 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16763 | |||
| Oval ID: | oval:org.mitre.oval:def:16763 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3114) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3114 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16778 | |||
| Oval ID: | oval:org.mitre.oval:def:16778 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3120) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3120 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16824 | |||
| Oval ID: | oval:org.mitre.oval:def:16824 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3113) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3113 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16837 | |||
| Oval ID: | oval:org.mitre.oval:def:16837 | ||
| Title: | Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege - MS13-050 | ||
| Description: | The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1339 | Version: | 3 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16847 | |||
| Oval ID: | oval:org.mitre.oval:def:16847 | ||
| Title: | Kernel Information Disclosure Vulnerability - MS13-048 | ||
| Description: | The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3136 | Version: | 4 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 8 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16858 | |||
| Oval ID: | oval:org.mitre.oval:def:16858 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3125) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3125 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16860 | |||
| Oval ID: | oval:org.mitre.oval:def:16860 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3119) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3119 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16875 | |||
| Oval ID: | oval:org.mitre.oval:def:16875 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3121) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3121 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16914 | |||
| Oval ID: | oval:org.mitre.oval:def:16914 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3116) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3116 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16917 | |||
| Oval ID: | oval:org.mitre.oval:def:16917 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3118) - MS13-047 | ||
| Description: | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3118 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16943 | |||
| Oval ID: | oval:org.mitre.oval:def:16943 | ||
| Title: | Vulnerability in Kernel-Mode Driver Could Allow Denial of Service - MS13-049 | ||
| Description: | Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3138 | Version: | 3 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 | |
| Application | 2 | |
| Os | 2 | |
| Os | 2 | |
| Os | 1 | |
| Os | 1 | |
| Os | 3 | |
| Os | 1 | |
| Os | 2 | |
| Os | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Office PNG File Handling Buffer Overflow | More info here |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-06-13 | IAVM : 2013-A-0120 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0039072 |
| 2013-06-13 | IAVM : 2013-A-0121 - Microsoft Office Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0039073 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 6700 - Revision : 20 - Type : FILE-IMAGE |
| 2020-03-24 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 53151 - Revision : 1 - Type : BROWSER-IE |
| 2020-03-24 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 53150 - Revision : 1 - Type : BROWSER-IE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51206 - Revision : 1 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51205 - Revision : 1 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51204 - Revision : 1 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51203 - Revision : 1 - Type : FILE-IMAGE |
| 2017-08-23 | Microsoft Internet Explorer CDocument use after free attempt RuleID : 43648 - Revision : 2 - Type : BROWSER-IE |
| 2016-03-14 | Microsoft Internet Explorer superscript use after free attempt RuleID : 36224 - Revision : 2 - Type : BROWSER-IE |
| 2014-03-29 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 29989 - Revision : 3 - Type : BROWSER-IE |
| 2014-03-29 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 29988 - Revision : 3 - Type : BROWSER-IE |
| 2014-03-27 | Microsoft Multiple Products potentially malicious PNG detected - large or inv... RuleID : 29945 - Revision : 4 - Type : FILE-IMAGE |
| 2014-03-27 | Microsoft Office PNG parsing stack buffer overflow attempt RuleID : 29944 - Revision : 4 - Type : FILE-IMAGE |
| 2014-01-10 | Microsoft Internet Explorer double-free memory corruption attempt RuleID : 27101 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer double-free memory corruption attempt RuleID : 27100 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 9 CTreeNodeobject use-after-free attempt RuleID : 26988 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CDocument use after free attempt RuleID : 26890 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CTreeNode use after free memory corruption attempt RuleID : 26889 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CTreeNode use after free memory corruption attempt RuleID : 26888 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 26887 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 26886 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 26885 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 26884 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 26883 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 26882 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 tree element use after free attempt RuleID : 26878 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows TCPRecomputeMss denial of service attempt RuleID : 26877 - Revision : 5 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Internet Explorer 9 cached display node use-after-free attempt RuleID : 26876 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 9 CTreeNodeobject use-after-free attempt RuleID : 26875 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 9 CSS rules cache use-after-free attempt RuleID : 26874 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 9 CSS rules cache use-after-free attempt RuleID : 26873 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer double-free memory corruption attempt RuleID : 26872 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer double-free memory corruption attempt RuleID : 26871 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer double-free memory corruption attempt RuleID : 26870 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer double-free memory corruption attempt RuleID : 26869 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 select element deleted object access attempt RuleID : 26868 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 select element deleted object access attempt RuleID : 26867 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 26865 - Revision : 4 - Type : FILE-IMAGE |
| 2014-01-10 | Microsoft Internet Explorer create-add range on DOM objects memory corruption... RuleID : 26853 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer create-add range on DOM objects memory corruption... RuleID : 26852 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 5 compatibility mode use after free attempt RuleID : 26851 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer superscript use after free attempt RuleID : 26849 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 10 use after free attempt RuleID : 26847 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 10 insertImage with designMode on deleted object ... RuleID : 26846 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 10 insertImage with designMode on deleted object ... RuleID : 26845 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 9 layout engine memory corruption attempt RuleID : 26844 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 9 array element property use after free attempt RuleID : 26843 - Revision : 5 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-06-11 | Name : An application installed on the remote Mac OS X host is affected by a remote ... File : macosx_ms13-051.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-047.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The Windows kernel on the remote host is affected by an information disclosur... File : smb_nt_ms13-048.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote Windows host is affected by a denial of service vulnerability. File : smb_nt_ms13-049.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote Windows host is potentially affected by a privilege escalation vul... File : smb_nt_ms13-050.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote Office install has a buffer overflow vulnerability. File : smb_nt_ms13-051.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-07-20 17:22:17 |
|
| 2013-07-20 13:22:30 |
|
| 2013-07-16 17:18:31 |
|
