内容安全 
大数据安全 
网络安全 
更多产品 
2013年7月26日漏洞特征库升级公告
发表日期:2013-07-26 16:31:00
| Vulnerability Description | ||
| CVE Number | Vulnerability Name | Description |
| CVE-2013-1300 | Microsoft Windows Win32k NtUserMessageCall Allocation overflow | A vulnerability in the implementation of NtUserMessageCall may allow an attacker to trigger an overflow and achieve elevation of privilege. |
| CVE-2013-1340 | Microsoft Windows Win32k handling menus local EOP. | A vulnerability exists in the way that Windows manipulates memory when handling menus that may lead to local EOP. |
| CVE-2013-1345 | Microsoft Windows Win32k xxxDestroyThreadDDEObject() Use After Free | There is a use after free vulnerability in xxxDestroyThreadDDEObject(). The root cause of this problem lied in the ability for a thread to use xxxDestroyThreadDDEObject() to free an object owned by a different thread. This causes a read AV, and possible arbitrary code execution, when the freed object's pointer is referenced during the owning thread's cleanup. |
| CVE-2013-3115 | Microsoft Windows IE Display Nodes Use After Free | There exists a Use After Free vulnerability in the way IE handles Display Nodes. |
| CVE-2013-3127 | Microsoft WMV Video Decoder Remote Code Execution | An underflow in WMVCore.dll can lead to Remote Code Execution. |
| CVE-2013-3129 | Microsoft .NET Framework TrueType Font Parsing | There is a local escalation of privilege vulnerability in the way that Windows manipulates memory when dealing with crafted fonts. The issue results in a write AV and possible arbitrary local code execution. |
| CVE-2013-3131 | Microsoft .NET Framework Array Access Violation | A remote code execution vulnerability exists in the .NET Framework. The root cause lies in the way that CLR handles multidimensional arrays of structs when they are passed to a function by reference. The vulnerability is exposed by Silverlight, as well as local .NET applications, so it could be used as a partial trust sandbox escape. The likely attack vectors include: 1. Persuading victims to visit a web site hosting a malicious Silverlight application. 2. Using targeted emails and social engineering to convince victims to locally execute a malicious .NET application. |
| CVE-2013-3132 | Microsoft .NET Framework Delegate Reflection Bypass | An escalation of privilege vulnerability exists in the way the .NET Framework validates the permissions of certain objects performing reflection. APIs that can create these objects are blacklisted using DangerousAPIs.h, preventing the CLR from delegating or reflecting on them. Additional APIs have been found that need to be added to the blacklist. The most likely attack vector is via website hosting a malicious XBAP/XAML application. |
| CVE-2013-3133 | Microsoft .NET Framework CLR Anonymous Method Injection | An escalation of privilege vulnerability exists in the .NET CLR, related to the CustomReflectionContext class. This vulnerability can be leveraged as a partial trust sandbox escape. |
| CVE-2013-3134 | Microsoft .NET Framework CLR Array Allocation | A remote code execution vulnerability exists in the .NET Framework. The root cause lies in the way that CLR handles multidimensional arrays of structs when they are passed to a function by reference. The vulnerability is exposed by Silverlight, as well as local .NET applications, so it could be used as a partial trust sandbox escape. The likely attack vectors include: 1. Persuading victims to visit a web site hosting a malicious Silverlight application. 2. Using targeted emails and social engineering to convince victims to locally execute a malicious .NET application. |
| CVE-2013-3143 | Microsoft Internet Explorer9 and 10 Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that will lead to a crash or to executing arbitrary code in the context of the current user. |
| CVE-2013-3144 | Microsoft Internet Explorer8 through 10 Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that will lead to a crash or to executing arbitrary code in the context of the current user. |
| CVE-2013-3145 | Microsoft Internet Explorer9 Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| CVE-2013-3146 | Microsoft Internet Explorer10 Memory Corruption | An integer overflow vulnerability exists in Internet Explorer 10 while allocating memory for an object with a malformed size that will cause an array out-of-bound exception. The vulnerability may corrupt memory in such a way that will allow arbitrary memory read/write leading to a crash or to execute arbitrary code in the context of the current user. |
| CVE-2013-3147 | Microsoft Internet Explorer 6 through 9 Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| CVE-2013-3148 | Microsoft Internet Explorer 6 through 10 Memory Corruption | There exists a Use After Free vulnerability in IE's CMshtmlEd handling code. |
| CVE-2013-3150 | Microsoft Internet Explorer 9 use-after-free Memory Corruption | This is a potentially exploitable use-after-free issue caused by accessing a deleted object |
| CVE-2013-3151 | Microsoft Internet Explorer8 through 10 use-after-free Memory Corruption | here exists a Use After Free vulnerability in the way IE handles CTreePos objects. |
| CVE-2013-3152 | Microsoft Internet Explorer10 DOM use-after-free Memory Corruption | A specific flaw exists within the handling of CTreePos objects. A use-after-free condition can trigger when accessing the innerText property after specific DOM object manipulations. An attacker can leverage this situation to execute code under the context of the user running the browser. |
| CVE-2013-3153 | Microsoft Internet Explorer 6 through 10 use-after-free Memory Corruption | IE is suffering from an use-after-free vulnerability where IE attempts to call PreviousTreePos on an object that was previously freed in swapNode. |
| CVE-2013-3161 | Microsoft Internet Explorer9 and 10 access deleted object Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that will lead to a crash or to executing arbitrary code in the context of the current user. |
| CVE-2013-3163 | Microsoft Internet Explorer8 through 10 access deleted object Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that will lead to a crash or to executing arbitrary code in the context of the current user. |
| CVE-2013-3164 | Microsoft Internet Explorer8 access deleted object Memory Corruption | A vulnerability exists when Internet Explorer attempts to access an object that has been deleted. The Internet Explorer process may corrupt memory in such a way that will lead to a crash or to executing arbitrary code in the context of the current user. |
| CVE-2013-3171 | Microsoft .NET Framework Delegate Serialization | The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1.a crafted XAML browser application (aka XBAP) or 2.a crafted .NET Framework application |
| CVE-2013-3174 | Microsoft Windows DirectShow Arbitrary Memory Overwrite | A memory corruption issue in DirectShow that may lead to remote code execution |
| CVE-2013-3178 | Microsoft Silverlight Null Pointer read AV and arbitrary code execution. | An escalation of privilege vulnerability exists in Silverlight. A function within Silverlight is unexpectedly returning null, which is then dereferenced. This results in a read AV and possible arbitrary code execution. |
| CVE-2013-3660 | Microsoft Windows Win32k EMR_FLATTENPATH Read AV | A vulnerability exists due to the way the Windows kernel-mode driver win32k improperly handles EMR_FLATTENPATH record objects in memory. An attacker who locally exploited this vulnerability could execute arbitrary code with system level privileges (EoP). Remote exploitation of this vulnerability could lead to a temporary Denial of Service and system restart (BSOD) or it may allow remote code execution in very limited cases only when some unlikely memory conditions not completely under attacker's control are satisfied. |
