Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:87287166C5511F458A2B797E5A889BC8
HistoryJun 03, 2013 - 12:00 a.m.

Internet Explorer VML Dashstyle Attributes Integer Overflow

2013-06-0300:00:00
SAINT Corporation
download.saintcorporation.com
14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Added: 06/03/2013
CVE: CVE-2013-2551
BID: 58570
OSVDB: 91197

Background

Vector Markup Language (VML) is an XML-based format for vector graphics.

Problem

An integer overflow vulnerability in **vml.dll** when processing **dashstyle** attributes of certain VML elements in a web page allows arbitrary command execution.

Resolution

Apply the update referenced in Microsoft Security Bulletin 13-037.

References

<http://secunia.com/advisories/53327/&gt;

Limitations

This exploit has been tested against Microsoft Internet Explorer 8, 9, and 10 with KB2817183 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit in Internet Explorer 8, 9 or 10 on the target.

Platforms

Windows

Related

packetstorm 1
cisa_kev 1
checkpoint_advisories 4
seebug 1
threatpost 5
saint 3
securityvulns 2
symantec 1
zdi 1
prion 3
cve 3
attackerkb 2
malwarebytes 1
thn 1
openvas 2
nessus 1
qualysblog 1
mskb 1
packetstorm
packetstorm
MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
2013-06-13 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-03-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Suspicious HTML Containing Overly Long Text (CVE-2013-2551)
2014-02-25 00:00:00
Suspicious Javascript Containing Overly Long Strings (CVE-2013-2551)
2013-12-31 00:00:00
Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)
2013-05-14 00:00:00
seebug
seebug
Microsoft Internet Explorer δΈζ˜Žη»†θŠ‚θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-2551)
2013-03-20 00:00:00
threatpost
threatpost
Inside the RIG Exploit Kit
2016-11-04 17:58:47
Malvertising Campaign Hits AOL Ad Network, Leads to Exploit Kit
2015-01-06 14:25:29
Terror Exploit Kit Evolves Into Larger Threat
2017-05-19 14:22:23
saint
saint
Internet Explorer VML Dashstyle Attributes Integer Overflow
2013-06-03 00:00:00
Internet Explorer VML Dashstyle Attributes Integer Overflow
2013-06-03 00:00:00
Internet Explorer VML Dashstyle Attributes Integer Overflow
2013-06-03 00:00:00
securityvulns
securityvulns
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow &#40;MS13-037 / Pwn2Own&#41;
2013-05-27 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2013-05-27 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2013-2551 Use-After-Free Remote Code Execution Vulnerability
2013-03-11 00:00:00
zdi
zdi
(Pwn2Own) Microsoft Internet Explorer VML Parsing Remote Code Execution Vulnerabillity
2013-05-29 00:00:00
prion
prion
Design/Logic Flaw
2013-05-15 03:36:00
Design/Logic Flaw
2013-05-15 03:36:00
Design/Logic Flaw
2013-03-11 10:55:00
cve
cve
CVE-2013-1308
2013-05-15 03:36:00
CVE-2013-2551
2013-03-11 10:55:00
CVE-2013-1309
2013-05-15 03:36:00
attackerkb
attackerkb
CVE-2013-2551
2013-03-11 00:00:00
CVE-2013-1308
2013-05-15 00:00:00
malwarebytes
malwarebytes
RIG exploit kit distributes Princess ransomware
2017-08-31 20:04:32
thn
thn
Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
2023-02-27 15:33:00
openvas
openvas
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)
2013-05-15 00:00:00
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)
2013-05-15 00:00:00
nessus
nessus
MS13-037: Cumulative Security Update for Internet Explorer (2829530)
2013-05-15 00:00:00
qualysblog
qualysblog
The Rise of Ransomware
2021-10-05 12:50:00
mskb
mskb
MS13-037: Cumulative Security Update for Internet Explorer: May 14, 2013
2013-05-14 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:87287166C5511F458A2B797E5A889BC8
packetstorm1cisa_kev1checkpoint_advisories4seebug1threatpost5saint3securityvulns2symantec1zdi1prion3cve3attackerkb2malwarebytes1thn1openvas2nessus1qualysblog1mskb1