MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

An application on the remote Windows host has an information disclosure

Description :

The version of Windows Essentials 2011 or 2012 installed on the remote
host has an information disclosure vulnerability. Windows Writer, part
of Windows Essentials, fails to properly handle specially crafted URLs.
A remote attacker could exploit this by tricking a user into opening a
maliciously crafted URL to override Windows Writer proxy settings and
overwrite files accessible to the user.

See also :

Solution :

Microsoft has released a patch for Windows Essentials 2012.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 66421 ()

Bugtraq ID: 59783

CVE ID: CVE-2013-0096

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now