Microsoft Windows CVE-2013-2556 ASLR Security Bypass Vulnerability

Bugtraq ID:	58566
Class:	Design Error
CVE:	CVE-2013-2556
Remote:	Yes
Local:	No
Published:	Mar 07 2013 12:00AM
Updated:	Sep 02 2013 12:09AM
Credit:	VUPEN Security
Vulnerable:	Microsoft Windows XP Service Pack 3 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems 0 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems 0 Avaya Meeting Exchange - Web Conferencing Server 0 Avaya Meeting Exchange - Streaming Server 0 Avaya Meeting Exchange - Recording Server 0 Avaya Meeting Exchange - Client Registration Server 0 Avaya Communication Server 1000 Telephony Manager 0 Avaya CallPilot 0 Avaya Aura Conferencing Standard
Not Vulnerable:

Microsoft Windows CVE-2013-2556 ASLR Security Bypass Vulnerability

Microsoft Windows is prone to a security-bypass Vulnerability.

An attacker can exploit this issue to bypass certain security restrictions. This may aid in further attacks that may lead to arbitrary code execution, however, Symantec has not confirmed this.

Microsoft Windows CVE-2013-2556 ASLR Security Bypass Vulnerability

A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

Microsoft Windows CVE-2013-2556 ASLR Security Bypass Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Windows CVE-2013-2556 ASLR Security Bypass Vulnerability

References:

• Microsoft Windows Homepage (Microsoft)