CVE-2013-3174

Microsoft Windows - Remote Code Execution via Crafted GIF File


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3174. PoCs published by Andrés Gómez Ramírez.

AI-analyzed exploit summary: The document describes a memory corruption vulnerability in Microsoft DirectShow (CVE-2013-3174) triggered by a crafted GIF file, leading to arbitrary code execution. It includes crash analysis and references but lacks exploit code.

Description

DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."

Exploits (1)

exploitdb WRITEUP
by Andrés Gómez Ramírez · text · dos · windows
https://www.exploit-db.com/exploits/27050

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Microsoft DirectShow (Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012)
No auth needed
Prerequisites: Victim opens a malicious GIF file in an application using DirectShow (e.g., Media Player Classic)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-190A
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883

Scores

EPSS 0.3198
EPSS Percentile 98.1%

Details

CWE: CWE-94
Status: published
Products (7)
microsoft/windows_7 (2 CPE variants)
microsoft/windows_8 (2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2012
microsoft/windows_vista
microsoft/windows_xp (2 CPE variants)
Published Jul 10, 2013
Tracked Since Feb 18, 2026