This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The Microsoft Expression Design install on the remote Windows host
could allow arbitrary code execution.
The version of Microsoft Expression Design installed on the remote
host is reportedly affected by an insecure library loading
A remote attacker could exploit this flaw by tricking a user into
opening a legitimate .xpr or .DESIGN file located in the same
directory as a maliciously crafted dynamic link library (DLL) file,
resulting in arbitrary code execution.
See also :
Microsoft has released a patch for Expression Design.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true