MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure
2013-05-14 This security update resolves a privately reported vulnerability in Windows Essentials. The vulnerability could allow information disclosure if a user opens Windows Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Windows Essentials Improper URI Handling Vulnerability
CVE-2013-0096
Bulletin details at Microsoft.com
Related CVE Entries
Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
Max CVSS
6.8
EPSS Score
29.51%
Published
2013-05-15
Updated
2018-10-12