Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows Common Control Library vulnerability could allow remote code execution


Report ID: MS201310004
Date Published: 9 October 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Windows RT




Summary

A vulnerability found in the Windows common control library could allow an attacker to execute code on an affected system if successfully exploited.



Detailed Description

Microsoft has released a security update to address a remote code execution vulnerability in the Windows common control library. The vulnerability was caused by the DSA_InsertItem function fails to properly allocate memory for data structures.

The issue has been fixed in the update by correcting the way that Windows common control library allocates memory for data structures. Users are recommended to install the latest update to their system as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-3195



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-083)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.