Computer Security

Microsoft Windows multiple security vulnerabilities

back  news / advisories / software / search /  forward
[EN] securityvulns.ru no-pyccku


Microsoft Windows multiple security vulnerabilities
Published:13.11.2013
Source:
SecurityVulns ID:13397
Type:library
Threat Level:
8/10
Description:GDI integer overflow, InformationCardSigninHelper ActiveX code execution, AFD driver information leak, X.509 certificates DoS, Hyper-V privilege escalation.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 8.1
CVE:CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability.")
 CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability.")
 CVE-2013-3887 (The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability.")
 CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability.")
Files:Microsoft Security Bulletin MS13-089 - Critical Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
 Microsoft Security Bulletin MS13-090 - Critical Cumulative Security Update of ActiveX Kill Bits (2900986)
 Microsoft Security Bulletin MS13-093 - Important Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
 Microsoft Security Bulletin MS13-095 - Important Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
 Microsoft Security Bulletin MS13-092 - Important Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod