MS13-089: Critical Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a remote code execution
vulnerability.

Description :

The remote host contains a version of Microsoft Windows that is
affected by a remote code execution vulnerability. The vulnerability
exists in the Graphic Rendering Engine, and in the way Windows handles
Metafiles. An attacker could exploit this issue to execute arbitrary
code on the remote host.

See also :

https://technet.microsoft.com/en-us/security/bulletin/ms13-089

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, and RT 8.1.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 70847 ()

Bugtraq ID: 63546

CVE ID: CVE-2013-3940