MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
Medium Nessus Plugin ID 66421
SynopsisAn application on the remote Windows host has an information disclosure vulnerability.
DescriptionThe version of Windows Essentials 2011 or 2012 installed on the remote host has an information disclosure vulnerability. Windows Writer, part of Windows Essentials, fails to properly handle specially crafted URLs.
A remote attacker could exploit this by tricking a user into opening a maliciously crafted URL to override Windows Writer proxy settings and overwrite files accessible to the user.
SolutionMicrosoft has released a patch for Windows Essentials 2012.