Results 1 to 9 of 9
  1. #1
    Star Lounger
    Join Date
    Mar 2011
    Posts
    64
    Thanks
    14
    Thanked 1 Time in 1 Post

    What is CVE-2013-1393?

    Hello All,
    Does anyone know what CVE-2013-1393 is? I was in add/remove programs for other purposes and saw it as an entry.

    I did a search on it and the "National Vulnerability Database" stated: "Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors." and then went on to say: "Network exploitable; Victim must voluntarily interact with attack mechanism"

    Although my Norton Internet Security has never "flagged it" or brought it to my attention, I uninstalled it.

    Did I do the right thing?

    BTW, I am running WEindows 7 Home Premium . . .

    Thanks - Any help is appreciated.
    Bob

  2. #2
    New Lounger
    Join Date
    Dec 2013
    Posts
    8
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Hello,

    I am Vineeth and I am from the Norton Support team. I do not think it is a virus. If it was, Norton would have detected it.

    However, you can submit the file to us at https://submit.symantec.com/websubmit/retail.cgi. We will review the file and let you know if it is a virus.

  3. #3
    Star Lounger
    Join Date
    Mar 2011
    Posts
    64
    Thanks
    14
    Thanked 1 Time in 1 Post
    Thank you, Vineeth!
    However, I uninstalled CVE - 2013 -1393 after I read about it on the "National Vulnerability Database" (see my original post).
    I ran Malwarebytes Anti-Malware and it found that the AVG toolbar was present on my system. I allowed Malwarebytes Anti-Malware to remove it from my system.
    Perhaps CVE - 2013 -1393 was part of the toolbar?
    Thanks for any thoughts!
    Bob

  4. #4
    3 Star Lounger bassfisher6522's Avatar
    Join Date
    Jul 2013
    Location
    NC
    Posts
    373
    Thanks
    53
    Thanked 40 Times in 39 Posts
    It's a good thing you uninstalled it....looks like a backdoor....look at this......

    http://seclists.org/fulldisclosure/2013/Jan/218


    https://code.google.com/p/curvycorners/

  5. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Actually it could be a bad move. What you had was a fix to the security issue, not the malware - malware writers do not name their malware according to the nomenclature used in the US National Vulnerability Database.

    Likely this won't cause any problems, unless you are running drupal locally and not just for development purposes.
    Rui
    -------
    R4

  6. #6
    Star Lounger
    Join Date
    Mar 2011
    Posts
    64
    Thanks
    14
    Thanked 1 Time in 1 Post
    Bassfisher6522 and ruirib,
    Thank you to both of you!
    ruirib, it's not likely that I will "run drupal locally"
    Heck, I don't even know what it is . . .
    The Best,
    Bob

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Drupal is a Content Management System (CMS), used to developed websites. If you don't even know what it is, you will be fine without it. That said, it's weird that you got a patch for it, anyway.
    Rui
    -------
    R4

  8. #8
    Star Lounger
    Join Date
    Mar 2011
    Posts
    64
    Thanks
    14
    Thanked 1 Time in 1 Post
    ruirib,
    I only get patches through Windows Update and Norton except for updating programs like adobe acrobat, shockwave flash, java, and the other usual programs . . .?
    Again, thank you!
    Bob

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I wouldn't worry about it, then.
    Rui
    -------
    R4

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •