MS13-045  Vulnerability in Windows Essentials Could Allow Information Disclosure

2013-05-14 This security update resolves a privately reported vulnerability in Windows Essentials. The vulnerability could allow information disclosure if a user opens Windows Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
Vulnerabilities addressed in this bulletin:
Windows Essentials Improper URI Handling Vulnerability

CVE-2013-0096

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2013-0096

Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
Max CVSS
6.8
EPSS Score
29.51%
Published
2013-05-15
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close