MS KB2896666: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (deprecated)
high Nessus Plugin ID 70773
Language:
Synopsis
The remote host is affected by a remote code execution vulnerability.Description
The remote host is missing one of the workarounds referenced in KB 2896666.The remote host has a version of the Microsoft Graphics Component installed that is potentially affected by a code execution vulnerability due to the way the application handles specially crafted TIFF images.
Solution
Microsoft has provided a workaround for Windows Vista, 2008, Office 2003, Office 2007, Office 2010, Office Compatibility Pack, Lync 2010 and Lync 2013.See Also
http://technet.microsoft.com/en-us/security/advisory/2896666
Plugin Details
Severity: High
ID: 70773
File Name: smb_kb2896666.nasl
Version: Revision: 1.9
Type: local
Agent: windows
Family: Windows
Published: 11/6/2013
Updated: 8/30/2017
Supported Sensors: Nessus Agent
Risk Information
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:ND/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:office, cpe:/a:microsoft:office_compatibility_pack
Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 11/5/2013
Exploitable With
Metasploit (Microsoft Tagged Image File Format (TIFF) Integer Overflow)
Reference Information
CVE: CVE-2013-3906
BID: 63530
OSVDB: 99376
MSKB: 2896666