CVE-2013-3183
published 2013-08-14CVE-2013-3183: The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT…
PriorityP355high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
80.47%
99.6th percentile
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka "ICMPv6 Vulnerability."
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes
blogs_talos·2013-08-13·CVSS 1.5
[LOW] Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes
## Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes
It's a pretty standard month for Update Tuesday this time around. There's a total of 8 bulletins, covering 23 CVE issues. This bulletin addresses the final 2 issues reported during CanSecWest's Pwn2Own .
As usual, there's the requisite IE bulletin ( MS13-059 ), which covers 11 CVEs. This includes the 1 open IE Pwn2Own issue. The issues cover IE6-IE10 on all versions of Windows. All issues were privately reported to Microsoft, so they haven't been exploited in the wild yet. Several vulnerabilities are the result of a use-after-free, but there's also a stack-based buffer overflow when handling a specific font type ( CVE-2013-3181 ).
This month we also have another font issue ( MS13-060 ), this time in a Unic
Talos
Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes
blogs_talos·2013-08-13·CVSS 1.5
[LOW] Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes
It's a pretty standard month for Update Tuesday this time around. There's a total of 8 bulletins, covering 23 CVE issues. This bulletin addresses the final 2 issues reported during CanSecWest's Pwn2Own.
As usual, there's the requisite IE bulletin (MS13-059), which covers 11 CVEs. This includes the 1 open IE Pwn2Own issue. The issues cover IE6-IE10 on all versions of Windows. All issues were privately reported to Microsoft, so they haven't been exploited in the wild yet. Several vulnerabilities are the result of a use-after-free, but there's also a stack-based buffer overflow when handling a specific font type (CVE-2013-3181).
This month we also have another font issue (MS13-060), this time in a Unicode font. The vulnerability is only present in XP SP3, XP Professional 64-bit and Windows
http://www.us-cert.gov/ncas/alerts/TA13-225Ahttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-065https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17918http://www.us-cert.gov/ncas/alerts/TA13-225Ahttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-065https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17918
2013-08-14
Published