CVE-2013-3906
Microsoft Graphics Component Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 4
Exploited in Wild: Yes
Decision
Descriptions
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
The GDI+ component of Microsoft Windows Vista SP2 and Server 2008 SP2, Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2, Office Compatibility Pack SP3, and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by exploits carried out in October and November 2013 when opening an image in a Word document.
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-03 CVE Reserved
- 2013-11-06 CVE Published
- 2013-12-03 First Exploit
- 2022-02-15 Exploited in Wild
- 2022-08-15 KEV Due Date
- 2024-08-06 CVE Updated
- 2024-09-26 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (6)
URL | Date | SRC |
---|---|---|
http://technet.microsoft.com/security/advisory/2896666 | 2024-07-24 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096 | 2024-07-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Excel Viewer | - | - | Affected |
Microsoft | Lync | 2010 | attendee | Affected |
Microsoft | Lync | 2013 | - | Affected |
Microsoft | Office | 2003 | sp3 | Affected |
Microsoft | Office | 2007 | sp3 | Affected |
Microsoft | Office | 2010 | sp1 | Affected |
Microsoft | Office | 2010 | sp2 | Affected |
Microsoft | Office Compatibility Pack | - | sp3 | Affected |
Microsoft | Powerpoint Viewer | 2010 | sp1 | Affected |
Microsoft | Powerpoint Viewer | 2010 | sp2 | Affected |
Microsoft | Word Viewer | - | - | Affected |
Microsoft | Windows Server 2008 | - | sp2 | Affected |
Microsoft | Windows Vista | - | sp2 | Affected |