Summary
This host is missing an important security update according to Microsoft Bulletin MS13-063.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code with kernel-mode privileges and or corrupt memory.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-063
Insight
Multiple flaws are due to,
- An error within Address Space Layout Randomization (ASLR) implementation can be exploited to bypass the ASLR security feature.
- Multiple error within the NT Virtual DOS Machine (NTVDM) subsystem.
Affected
Microsoft Windows 8
Microsoft Windows XP x32 Edition Service Pack 3 and prior Microsoft Windows 2003 x32 Edition Service Pack 2 and prior Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, CVE-2013-3198 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
- Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)