Executive Summary

Summary
TitleVulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
Informations
NameKB2896666First vendor Publication2013-11-05
VendorMicrosoftLast vendor Modification2013-12-10
Severity (Vendor) N/ARevision2.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

General Information

Executive Summary

Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS13-096 to address the Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906). For more information about this issue, including download links for an available security update, please review MS13-096.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/2896666.mspx

CWE : Common Weakness Enumeration

%idName
50 %CWE-399Resource Management Errors
50 %CWE-94Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21019
 
Oval ID: oval:org.mitre.oval:def:21019
Title: Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906) - MS13-096
Description: GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3906
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Word Viewer
Microsoft Excel Viewer 2007
Microsoft PowerPoint Viewer 2010
Microsoft Lync 2010
Microsoft Lync Basic 2013
Microsoft Lync 2010 Attendee
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18665
 
Oval ID: oval:org.mitre.oval:def:18665
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893) - MS13-080
Description: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3893
Version: 6
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7
Application5
Application2
Application6
Os3
Os2

SAINT Exploits

DescriptionLink
Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free VulnerabilityMore info here

ExploitDB Exploits

idDescription
2013-12-03Microsoft Tagged Image File Format (TIFF) Integer Overflow
2013-10-15MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
2013-10-02Micorosft Internet Explorer SetMouseCapture Use-After-Free

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-12-12IAVM : 2013-A-0225 - Microsoft GDI Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0042593
2013-10-10IAVM : 2013-A-0188 - Cumulative Security Update for Microsoft Internet Explorer
Severity : Category I - VMSKEY : V0040759

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28526 - Revision : 8 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28525 - Revision : 8 - Type : FILE-OFFICE
2014-01-10Microsoft GDI library TIFF handling memory corruption attempt
RuleID : 28488 - Revision : 3 - Type : OS-WINDOWS
2014-01-10Microsoft GDI library TIFF handling memory corruption attempt
RuleID : 28487 - Revision : 3 - Type : OS-WINDOWS
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28473 - Revision : 8 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28472 - Revision : 8 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28471 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28470 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28469 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28468 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28467 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28466 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28465 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28464 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Internet Explorer onlosecapture memory corruption attempt
RuleID : 27944 - Revision : 11 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer onlosecapture memory corruption attempt
RuleID : 27943 - Revision : 10 - Type : BROWSER-IE

Metasploit Database

idDescription
2013-11-05 MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow

Nessus® Vulnerability Scanner

DateDescription
2013-12-11Name : The remote Windows host has a remote code execution vulnerability.
File : smb_nt_ms13-096.nasl - Type : ACT_GATHER_INFO
2013-10-09Name : The remote host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-080.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
DateInformations
2014-02-17 11:38:44
  • Multiple Updates
2014-01-19 21:29:41
  • Multiple Updates
2014-01-03 17:19:07
  • Multiple Updates
2013-12-11 05:22:03
  • Multiple Updates
2013-12-11 05:17:54
  • Multiple Updates
2013-12-04 00:18:30
  • Multiple Updates
2013-11-26 05:22:16
  • Multiple Updates
2013-11-12 21:19:28
  • Multiple Updates
2013-11-07 13:27:18
  • Multiple Updates
2013-11-06 21:32:36
  • Multiple Updates
2013-11-05 21:21:02
  • First insertion