MS Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

  Severity: CRITICAL
  CVE Identifier: CVE-2013-3906
  Advisory Date: NOV 07, 2013

  DESCRIPTION

The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date IDF Compatibility

CVE-2013-3906 1005764 Microsoft Graphics Component Remote Code Execution Vulnerability (CVE-2013-3906) 7-Nov-13 YES


1005765 Identified Microsoft Office File With Embedded TIFF File
YES

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 1 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 1 (64-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Office Compatibility Pack Service Pack 3
  • Microsoft Lync 2010 (32-bit)
  • Microsoft Lync 2010 (64-bit)
  • Microsoft Lync 2010 Attendee
  • Microsoft Lync 2013 (32-bit)
  • Microsoft Lync Basic 2013 (32-bit)
  • Microsoft Lync 2013 (64-bit)
  • Microsoft Lync Basic 2013 (64-bit)

Featured Stories