Windows Common Control Library vulnerability could allow remote code execution
Report ID: MS201310004
Date Published: 9 October 2013
Compromise Type: remote-code-execution
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
A vulnerability found in the Windows common control library could allow an attacker to execute code on an affected system if successfully exploited.
Microsoft has released a security update to address a remote code execution vulnerability in the Windows common control library. The vulnerability was caused by the DSA_InsertItem function fails to properly allocate memory for data structures.
The issue has been fixed in the update by correcting the way that Windows common control library allocates memory for data structures. Users are recommended to install the latest update to their system as a protection measure against possible exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-083)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.