Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2556

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-2556
Last Modified 02 Nov 2013 11:32:15
Published 11 Mar 2013 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2556

Summary

Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "ASLR Security Feature Bypass Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7 -

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Vista


References

MISC - http://twitter.com/VUPEN/statuses/309713355466227713

MISC - http://twitter.com/thezdi/statuses/309756927301283840

MISC - http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

MS - MS13-063

CERT - TA13-225A

Related Patches

MS13-063 Security Update for Windows Vista (KB2859537)

MS13-063 Security Update for Windows Server 2003 (KB2859537)

MS13-063 Security Update for Windows XP (KB2859537)

MS13-063 Security Update for Windows Server 2008 (KB2859537)

MS13-063 Security Update for Windows Vista x64 (KB2859537)

MS13-063 Security Update for Windows Server 2008 x64 (KB2859537)


Last Updated: 27 May 2016 11:03:13