KB4015383: Security Updates for the libjpeg Information Disclosure Vulnerability (April 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by an information disclosure
vulnerability.

Description :

The remote Windows host is missing security updates. It is,
therefore, affected by an information disclosure vulnerability in the
open-source libjpeg image processing library due to improper handling
of objects in memory. An unauthenticated, remote attacker can exploit
this to disclose sensitive information that can be utilized to bypass
ASLR security protections.

See also :

http://www.nessus.org/u?18ad2286
http://www.nessus.org/u?2974d445
http://www.nessus.org/u?c54a9ea6
http://www.nessus.org/u?d5f07ab5

Solution :

Apply the following security updates :

- KB4014794
- KB4014652
- KB4015383

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.5
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 99309 ()

Bugtraq ID: 63676

CVE ID: CVE-2013-6629

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now