Microsoft OLE Automation Remote Code Execution Vulnerability (2802968) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-020.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-020

Insight

The flaw is due to memory allocation error in Microsoft Windows Object Linking and Embedding (OLE) Automation, This can be exploited to execute arbitrary code on the target system.

Affected

Microsoft Windows XP x32 Edition Service Pack 3 and prior

References

http://support.microsoft.com/kb/2802968
http://technet.microsoft.com/en-us/security/bulletin/ms13-020
http://www.securitytracker.com/id/1028118

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1313

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)

Take action and discover your vulnerabilities