Vulnerabilities > CVE-2013-1313 - Resource Management Errors vulnerability in Microsoft Windows XP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id MS13-037 bulletin_url date 2013-05-14T00:00:00 impact Remote Code Execution knowledgebase_id 2829530 knowledgebase_url severity Critical title Cumulative Security Update for Internet Explorer bulletin_id MS13-020 bulletin_url date 2013-02-12T00:00:00 impact Remote Code Execution knowledgebase_id 2802968 knowledgebase_url severity Critical title Vulnerability in OLE Automation Could Allow Remote Code Execution
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS13-020.NASL |
description | The remote host is running a version of Windows that is affected by a remote code execution vulnerability. An attacker can exploit this by causing a user to visit a website containing a specially crafted file. Exploitation could allow an attacker to execute arbitrary code with the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64581 |
published | 2013-02-12 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/64581 |
title | MS13-020: Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) |
code |
|
Oval
accepted | 2013-06-10T04:00:56.665-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16385 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-02-15T08:51:55 | ||||||||||||
title | Microsoft OLE Automation Remote Code Execution Vulnerability - MS13-020 | ||||||||||||
version | 74 |
References
- http://www.us-cert.gov/cas/techalerts/TA13-043B.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-020
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16385