MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

An application on the remote Windows host has an information disclosure
vulnerability.

Description :

The version of Windows Essentials 2011 or 2012 installed on the remote
host has an information disclosure vulnerability. Windows Writer, part
of Windows Essentials, fails to properly handle specially crafted URLs.
A remote attacker could exploit this by tricking a user into opening a
maliciously crafted URL to override Windows Writer proxy settings and
overwrite files accessible to the user.

See also :

https://technet.microsoft.com/en-us/security/bulletin/ms13-045

Solution :

Microsoft has released a patch for Windows Essentials 2012.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 66421 ()

Bugtraq ID: 59783

CVE ID: CVE-2013-0096