Microsoft OLE Automation Remote Code Execution Vulnerability (2802968) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-020.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-020

Insight

The flaw is due to memory allocation error in Microsoft Windows Object Linking and Embedding (OLE) Automation, This can be exploited to execute arbitrary code on the target system.

Affected

Microsoft Windows XP x32 Edition Service Pack 3 and prior

References

http://support.microsoft.com/kb/2802968
http://technet.microsoft.com/en-us/security/bulletin/ms13-020
http://www.securitytracker.com/id/1028118

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1313

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
Microsoft DirectAccess Security Advisory (2862152)
Cumulative Security Update for Internet Explorer (953838)
ADODB.Stream object from Internet Explorer (KB870669)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)

Take action and discover your vulnerabilities