Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11061
HistoryApr 11, 2017 - 12:00 a.m.

KLA11061 Information disclosure vulnerability in Microsoft Windows

2017-04-1100:00:00
Kaspersky Lab
threats.kaspersky.com
34

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

An incorrect handling of objects in memory has been found in libjpeg image-processing library functionality used in Microsoft Windows. Malicious users can exploit this vulnerability to obtain sensitive information. This vulnerability can be exploited remotely by convincing a user to run a specially designed application.

Original advisories

CVE-2013-6629

Related products

Microsoft-Silverlight

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2013-6629 critical

KB list

4015221

4015219

4015217

4015583

4019460

4017094

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

  • Mono Framework Version 5.0.0.48Microsoft Windows Vista Service Pack 2Microsoft Windows 7 Service Pack 1Microsoft Windows 8.1Microsoft Windows RT 8.1Microsoft Windows 10Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows Server 2008 Service Pack 2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows Server 2016Microsoft Silverlight 5Mono Framework Version 4.8.1.0

References

Related

openvas 45
ubuntucve 1
nessus 61
oraclelinux 2
veracode 24
f5 2
slackware 1
symantec 1
nvd 1
debiancve 1
mskb 10
mscve 1
redhat 5
cvelist 1
centos 2
prion 1
cve 1
amazon 1
ubuntu 3
securityvulns 6
gentoo 1
mageia 2
mozilla 1
fedora 6
ibm 7
threatpost 1
freebsd 2
chrome 1
osv 1
debian 2
suse 3
kaspersky 2
openvas
openvas
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4015383)
2017-04-12 00:00:00
CentOS Update for libjpeg CESA-2013:1804 centos5
2013-12-17 00:00:00
RedHat Update for libjpeg RHSA-2013:1804-01
2013-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2013-6629
2013-11-18 00:00:00
nessus
nessus
Scientific Linux Security Update : libjpeg on SL5.x i386/x86_64 (20131210)
2013-12-11 00:00:00
RHEL 5 : libjpeg (RHSA-2013:1804)
2013-12-10 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libjpeg (SSA:2013-350-02)
2013-12-17 00:00:00
oraclelinux
oraclelinux
libjpeg security update
2013-12-09 00:00:00
libjpeg-turbo security update
2013-12-09 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 08:53:01
Sensitive Information Disclosure
2019-05-02 05:00:31
Arbitrary Code Execution
2019-05-02 04:58:06
f5
f5
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
nvd
nvd
CVE-2013-6629
2013-11-19 04:50:56
debiancve
debiancve
CVE-2013-6629
2013-11-19 04:50:56
mskb
mskb
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability for Microsoft Silverlight 5: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
redhat
redhat
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
cvelist
cvelist
CVE-2013-6629
2013-11-15 20:00:00
centos
centos
libjpeg security update
2013-12-10 00:47:48
libjpeg security update
2013-12-10 01:01:49
prion
prion
Design/Logic Flaw
2013-11-19 04:50:00
cve
cve
CVE-2013-6629
2013-11-19 04:50:56
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
Thunderbird vulnerabilities
2013-12-11 00:00:00
Firefox vulnerabilities
2013-12-11 00:00:00
securityvulns
securityvulns
bugs in IJG jpeg6b & libjpeg-turbo
2013-12-09 00:00:00
[ MDVSA-2013:274 ] libjpeg
2013-11-26 00:00:00
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
Updated chromium-browser-stable packages fix multiple vulnerabilities
2013-11-13 23:09:45
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libjpeg-turbo-1.3.1-1.fc20
2014-06-10 03:09:55
[SECURITY] Fedora 20 Update: libjpeg-turbo-1.3.0-2.fc20
2013-12-24 03:42:20
[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19
2014-01-10 07:56:56
ibm
ibm
Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)
2021-04-28 18:35:50
Security Bulletin: Vulnerabilities in Rational Functional Tester due to IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7
2018-09-29 20:06:32
Security Bulletin: SiteProtector System can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2013-6954, CVE-2013-6629, CVE-2014-2421, CVE-2014-0453, CVE-2014-1876, CVE-2014-4244, CVE-2014-4263) and in Tomcat (CVE-2014-0075)
2018-06-16 21:19:16
threatpost
threatpost
12 Flaws Fixed in Google Chrome
2013-11-12 13:17:53
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-11-12 00:00:00
mozilla -- multiple vulnerabilities
2013-12-09 00:00:00
chrome
chrome
Stable Channel Update
2013-11-12 00:00:00
osv
osv
chromium-browser - several
2013-11-16 00:00:00
debian
debian
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
suse
suse
chromium: update to 31.0.1650.57 (important)
2013-11-27 20:04:35
Mozilla updates 2013/12 (important)
2013-12-13 15:04:36
chromium: 31.0.1650.57 version update (important)
2013-11-27 20:04:13
kaspersky
kaspersky
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON
Related for KLA11061
openvas45ubuntucve1nessus61oraclelinux2veracode24f52slackware1symantec1nvd1debiancve1mskb10mscve1redhat5cvelist1centos2prion1cve1amazon1ubuntu3securityvulns6gentoo1mageia2mozilla1fedora6ibm7threatpost1freebsd2chrome1osv1debian2suse3kaspersky2