(MS13-045) Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
Publish date: 17 de mayo de 2013
Gravedad: Medio
Identificadores de CVE : CVE-2013-0096
Fecha recomendada: 17 de mayo de 2013
Descripción
This security update resolves a vulnerability in Windows Essentials. The vulnerability could allow information disclosure if a user opens Windows Writer using a maliciously crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
Soluciones
Software y versión afectados
- Windows Essentials 2012
- Windows Essentials 2011