What is the severity of CVE-2013-3918?

CVE-2013-3918 has a CVSS v3 score of 8.8, which is classified as High severity.

Is there an exploit available for CVE-2013-3918?

Yes, there are known exploits available for CVE-2013-3918. Immediate patching is recommended.

Is there a patch available for CVE-2013-3918?

Yes, patches are available for CVE-2013-3918. Check the vendor advisories for update instructions.

CVE-2013-3918 - CVE Details, Severity, and Analysis

CVE-2013-3918 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v38.8

CVSS v29.3

Priority Score970.0

EPSS Score86.0

High

Exploitation LikelihoodCritical

86.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

86.00%

EPSS

8.8

CVSS

Yes

Exploit

Yes

Patch

Critical Priority

high EPSS • exploit exists • high priority

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Cisa.gov Snort

Patch References

[email protected]Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Windows Server 2008
Microsoft