MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

An application on the remote Windows host has an information disclosure
vulnerability.

Description :

The version of Windows Essentials 2011 or 2012 installed on the remote
host has an information disclosure vulnerability. Windows Writer, part
of Windows Essentials, fails to properly handle specially crafted URLs.
A remote attacker could exploit this by tricking a user into opening a
maliciously crafted URL to override Windows Writer proxy settings and
overwrite files accessible to the user.

See also :

https://technet.microsoft.com/library/security/ms13-045

Solution :

Microsoft has released a patch for Windows Essentials 2012.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 66421

Bugtraq ID: 59783

CVE ID: CVE-2013-0096
