CVE Vulnerabilities

CVE-2013-3195

Published: Oct 09, 2013 | Modified: Dec 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka Comctl32 Integer Overflow Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_7 Microsoft * *
Windows_8 Microsoft - (including) - (including)
Windows_rt Microsoft - (including) - (including)
Windows_server_2003 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2012 Microsoft - (including) - (including)
Windows_vista Microsoft * *
Windows_xp Microsoft –sp2 (including) –sp2 (including)

References