CVE-2013-3906

CVSS 7.8 HIGH · EPSS 85.0% · KEV (known exploited) · CWE-94
In short

A flaw in GDI+ lets an attacker run arbitrary code on a victim's machine when the victim opens a specially crafted TIFF image, typically embedded in a document such as a Word file. The vulnerability was actively exploited in the wild in October and November 2013.

Technical detail

A flaw in GDI+ TIFF image processing (classified as CWE-94, code injection) allows arbitrary code execution when a malformed TIFF is decoded. Because the vulnerable code lives in the shared GDI+ library, the affected list covers Windows Vista SP2 and Server 2008 SP2 as well as Office 2003, 2007 and 2010, the Office Compatibility Pack and several Lync releases, all of which render images through it. Delivery is remote in practice (the crafted TIFF is embedded in a document sent to the target), but the CVSS 3.1 vector below scores the attack vector as local (AV:L) and requires user interaction (UI:R) because the victim must open the file; no privileges are needed beyond those of that user, and the code runs in the user's context. Successful exploitation has high impact on confidentiality, integrity and availability.

Summary generated and translated by AI from the official description.

Official description:
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

CVSS 3.1 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
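The exploitation path described above (a crafted TIFF carried inside a Word document) suggests a simple triage step for defenders: locate TIFF parts inside incoming Office documents and check whether their structure is internally consistent. The following is an added example written for this page, not code from Microsoft, NVD or TrueHacking. It identifies TIFF parts by magic bytes rather than file extension, parses the first image file directory (IFD0) and flags offsets that point past the end of the file, strip sizes that do not fit, and image dimensions whose product does not fit in 32 bits. These are generic TIFF consistency checks; the page does not describe the exact malformed field that triggers CVE-2013-3906, so this is a triage aid, not a detection signature for it. The `.docx` container and both TIFF samples are constructed in memory.

```python
"""Triage helper for documents suspected of carrying a crafted TIFF. Added example
for this page, not Microsoft, NVD or TrueHacking code. The checks are generic TIFF
consistency tests, not a reproduction of the CVE-2013-3906 trigger; samples are constructed."""
import io
import struct
import zipfile

TIFF_MAGIC = {b"II*\x00": "<", b"MM\x00*": ">"}           # byte-order marks
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
FMT = {1: "B", 3: "H", 4: "I"}                             # BYTE, SHORT, LONG
TAG_WIDTH, TAG_LENGTH, TAG_STRIP_OFFSETS, TAG_STRIP_BYTES = 256, 257, 273, 279


def is_tiff(data: bytes) -> bool:
    return data[:4] in TIFF_MAGIC                          # magic, never file extension


def read_values(data, bo, typ, count, raw):
    """Integer values of one IFD entry, stored inline (<= 4 bytes) or at an offset."""
    if typ not in FMT:
        return []
    size = TYPE_SIZE[typ] * count
    if size <= 4:
        blob = raw[:size]
    else:
        off = struct.unpack(bo + "I", raw)[0]
        if off + size > len(data):
            raise ValueError("value at 0x%x (%d bytes) runs past end of file" % (off, size))
        blob = data[off:off + size]
    return list(struct.unpack(bo + FMT[typ] * count, blob))


def check_tiff(data: bytes) -> list:
    """Return human-readable findings for IFD0; an empty list means nothing odd."""
    if len(data) < 8 or not is_tiff(data):
        return ["not a TIFF or truncated header"]
    bo = TIFF_MAGIC[data[:4]]
    ifd = struct.unpack(bo + "I", data[4:8])[0]
    if ifd + 2 > len(data):
        return ["IFD0 offset 0x%x beyond end of file (%d bytes)" % (ifd, len(data))]
    n = struct.unpack(bo + "H", data[ifd:ifd + 2])[0]
    if ifd + 2 + 12 * n > len(data):
        return ["IFD0 claims %d entries, more than fit in the file" % n]
    findings, tags = [], {}
    for i in range(n):
        entry = data[ifd + 2 + 12 * i: ifd + 14 + 12 * i]
        tag, typ, count = struct.unpack(bo + "HHI", entry[:8])
        # Python ints do not wrap, so an absurd count*size is caught rather than overflowed
        if typ not in TYPE_SIZE or TYPE_SIZE[typ] * count > len(data):
            findings.append("tag %d: type %d x count %d does not fit the file" % (tag, typ, count))
            continue
        try:
            tags[tag] = read_values(data, bo, typ, count, entry[8:])
        except ValueError as exc:
            findings.append("tag %d: %s" % (tag, exc))
    width, length = tags.get(TAG_WIDTH, [0])[0], tags.get(TAG_LENGTH, [0])[0]
    if width * length > 0xFFFFFFFF:                        # a 32-bit size computation wraps here
        findings.append("width*height = %d does not fit in 32 bits" % (width * length))
    offs, cnts = tags.get(TAG_STRIP_OFFSETS, []), tags.get(TAG_STRIP_BYTES, [])
    for off, cnt in zip(offs, cnts):
        if off + cnt > len(data):
            findings.append("strip at 0x%x claims %d bytes, past end of file" % (off, cnt))
    return findings


def scan_ooxml(doc: bytes) -> dict:
    """Map every TIFF part inside a .docx/.xlsx/.pptx zip to its findings."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(doc)) as zf:
        for info in zf.infolist():
            blob = zf.read(info.filename)
            if is_tiff(blob):
                results[info.filename] = check_tiff(blob)
    return results


def build_tiff(width, length, strip_bytes, claimed_bytes=None) -> bytes:
    """Constructed single-strip little-endian TIFF; claimed_bytes misstates StripByteCounts."""
    claimed = strip_bytes if claimed_bytes is None else claimed_bytes
    entries = [(256, 4, 1, width), (257, 4, 1, length), (258, 3, 1, 8),
               (273, 4, 1, None), (279, 4, 1, claimed)]
    strip_off = 8 + 2 + 12 * len(entries) + 4              # header, count, entries, next-IFD
    body = struct.pack("<H", len(entries))
    for tag, typ, count, val in entries:
        body += struct.pack("<HHII", tag, typ, count, strip_off if val is None else val)
    return b"II*\x00" + struct.pack("<I", 8) + body + struct.pack("<I", 0) + b"\x00" * strip_bytes


def build_docx(parts: dict) -> bytes:
    """Constructed minimal OOXML container holding the given media parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        for name, blob in parts.items():
            zf.writestr(name, blob)
    return buf.getvalue()


SAMPLE_GOOD = build_tiff(4, 4, 16)
SAMPLE_BAD = build_tiff(0x10000, 0x10000, 16, claimed_bytes=0x7FFFFFF0)
# second part carries a .png name but TIFF magic: the extension is attacker-controlled
SAMPLE_DOC = build_docx({"word/media/image1.tiff": SAMPLE_GOOD, "word/media/image2.png": SAMPLE_BAD})

if __name__ == "__main__":
    for name, findings in scan_ooxml(SAMPLE_DOC).items():
        print(name, "->", findings or ["no structural anomalies"])
```

Run directly, the well-formed sample reports no anomalies and the crafted one reports both the 32-bit dimension overflow and the strip that extends past the end of the file. In practice you would feed `scan_ooxml` the bytes of a quarantined attachment; any finding, and arguably any TIFF at all inside a mail-borne Office document, is a reason to detonate the file in a sandbox rather than open it on an endpoint whose GDI+ may be unpatched.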
Affected products: n/a (no structured product data; see the official description above for the vulnerable Windows, Office, Office Compatibility Pack and Lync versions)
⚠ Public resources to assess the exposure of systems you control or are authorized to test. Test only with authorization.
