Oval Definition:oval:org.mitre.oval:def:18715
Revision Date:2013-11-25
Version:45
Title:Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (CVE-2013-3195) - MS13-083
Description:The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2013-3195
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Vulnerable Windows XP x64 sp2, Server 2003 x86/x64/ia64 sp2
    • Microsoft Windows XP x64 Edition SP2, Server 2003 SP2 x86/x64/ia64
      • Microsoft Windows XP x64 Edition SP2 is installed
      • OR Microsoft Windows Server 2003 SP2 (x86) is installed
      • OR Microsoft Windows Server 2003 SP2 (x64) is installed
      • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
    • AND The version of Comctl32.dll is less than 5.82.3790.5190
  • OR Vulnerable Windows Vista x86/x64 sp2, Windows Server 2008 x86/x64/ia64 sp2
    • Microsoft Windows Vista SP2 x64/32-bit, Server 2008 32-bit/64-bit/ia-64 sp2
      • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    • AND GDR or LDR Service branch
      • The version of Comctl32.dll is less than 5.82.6002.18879
      • OR LDR
        • The version of Comctl32.dll is greater than or equal to 5.82.6002.23000
        • AND The version of Comctl32.dll is less than 5.82.6002.23151
  • OR Vulnerable Windows 7 x86/x64 SP1, Windows 2008 R2 x64/ia64 SP1
    • Microsoft Windows 7 32-bit/x64 SP1, Windows Server 2008 R2 x64/Itanium SP1
      • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
      • OR Microsoft Windows 7 x64 Service Pack 1 is installed
      • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
      • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    • AND GDR or LDR Service branch
      • The version of Comctl32.dll is less than 5.82.7601.18201
      • OR LDR
        • The version of Comctl32.dll is greater than or equal to 5.82.7601.22000
        • AND The version of Comctl32.dll is less than 5.82.7601.22376
  • OR Vulnerable Windows 8 x86/x64, Windows Server 2012
    • Microsoft Windows 8 x86/x64, Windows Server 2012
      • Microsoft Windows 8 (x86) is installed
      • OR Microsoft Windows 8 (x64) is installed
      • OR Microsoft Windows Server 2012 (64-bit) is installed
    • AND GDR or LDR Service branch
      • The version of Comctl32.dll is less than 5.82.9200.16657
      • OR LDR
        • The version of Comctl32.dll is greater than or equal to 5.82.9200.20000
        • AND The version of Comctl32.dll is less than 5.82.9200.20765