CVE-2013-3918
EUVD-2013-385012.11.2013, 14:35
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_7 | * |
| microsoft | windows_8 | - |
| microsoft | windows_8.1 | - |
| microsoft | windows_rt | - |
| microsoft | windows_rt_8.1 | - |
| microsoft | windows_server_2003 | - |
| microsoft | windows_server_2012 | - |
| microsoft | windows_vista | - |
| microsoft | windows_xp | - |
| microsoft | windows_xp | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References