CVE-2013-3174
Published 2013-07-10
Priority: P270, critical, 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 31.98% (98.1th percentile)
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by a specially crafted GIF file opened via DirectShow (e.g., via Media Player Classic). Hunt for GIF files being processed by qedit.dll's CImgGif::ReadImage function, particularly where the NW corner frame offset (file position 0x32C) and Global Color Table (file position 0x307) contain attacker-controlled values.
- Monitor for access violations (code c0000005) originating from qedit.dll at CImgGif::ReadImage+0x288 (address 60864094 on XP SP3), which indicates exploitation of this memory overwrite vulnerability.
- The exploit writes an attacker-controlled value (eax=ff414141) to an attacker-controlled memory address (edx=fea57028) via a `mov dword ptr [edx],eax` instruction inside qedit.dll. Detection should focus on anomalous GIF files causing qedit.dll to perform out-of-bounds writes.
- Exploitation was confirmed on Windows XP SP3 and Windows 7 SP1 Spanish version only; behavior (module base addresses, crash offsets) may differ across other affected OS versions and locales.
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-936r-x2q9-f854: DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows
ghsa_unreviewed·2022-05-13
CVE-2013-3174 [HIGH] CWE-94 GHSA-936r-x2q9-f854: DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows
Red Hat
OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
vendor_redhat·2013-01-13·CVSS 10.0
CVE-2012-3174 [CRITICAL] OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) -
No detection rules found.
Bugzilla
CVE-2013-0422 CVE-2012-3174 java-1.7.0-openjdk various flaws [fedora-all]
bugzilla·2013-01-14·CVSS 10.0
CVE-2013-0422 [CRITICAL] CVE-2013-0422 CVE-2012-3174 java-1.7.0-openjdk various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects
Bugzilla
CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
bugzilla·2013-01-14·CVSS 10.0
CVE-2012-3174 [CRITICAL] CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
Oracle Java SE 7 Update 11 resolves CVE-2012-3174, an unknown flaw that allows for remote arbitrary code execution, related to CVE-2013-0422 (bug 894172).
External Reference:
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Discussion:
Created java-1.7.0-openjdk tracking bugs for this issue
Affects: fedora-all [bug 895035]
---
Related commits in upstream OpenJDK7 repositories:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ecc14534318c
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d9969a953f69
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013
http://www.us-cert.gov/ncas/alerts/TA13-190A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883