CVE-2013-3195 vulnerability in Microsoft Products
Published on October 9, 2013

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."

Vendor Advisory NVD

Products Associated with CVE-2013-3195

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Windows Server 2008

Microsoft Windows Rt

Microsoft Windows XP

Microsoft Windows 8

Microsoft Windows 7

Microsoft Windows Server 2003

Microsoft Windows Vista

Microsoft Windows Server 2012

Exploit Probability

EPSS

62.98%

Percentile

98.35%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-3195 vulnerability in Microsoft ProductsPublished on October 9, 2013

Products Associated with CVE-2013-3195

Exploit Probability

CVE-2013-3195 vulnerability in Microsoft Products
Published on October 9, 2013