MS13-096  Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

2013-12-10 This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.
Vulnerabilities addressed in this bulletin:
Microsoft Graphics Component Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that affected Windows components and other affected software handle specially crafted TIFF files. The vulnerability could allow remote code execution if a user views TIFF files in shared content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
CVE-2013-3906

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2013-3906

Known exploited
Public exploit
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Max CVSS
9.3
EPSS Score
97.03%
Published
2013-11-06
Updated
2023-12-07
CISA KEV Added
2022-02-15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close