How to Buy
This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote Windows host has a remote code execution vulnerability.
The version of Microsoft's Graphics Component installed on the remote
host is affected by a heap overflow vulnerability. Specially crafted
TrueType font files are not processed properly. A remote,
unauthenticated attacker could exploit this vulnerability by getting a
user to view content that contains malicious TrueType font files,
resulting in arbitrary code execution.
Note that this issue is currently being exploited by malware in the
See also :
Microsoft has released a set of patches for Windows 2008, Windows
Vista, Office 2003, Office 2007, Office 2010, Office Compatibility
Pack, Lync 2010, Lync 2010 Attendee, Lync 2013, and Lync Basic 2013.
Note: KB2896666 was previously released for this issue. The fix for
KB2896666 can be removed after applying MS13-096 in order to view TIFF
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 71311 ()
Bugtraq ID: 63530
CVE ID: CVE-2013-3906
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.