Microsoft Graphics Component Remote Code Execution Vulnerability

Last Update Date: 6 Nov 2013 09:35 Release Date: 6 Nov 2013 3429 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability was identified in Microsoft Office. A remote user can cause arbitrary code to be executed on the target user's system.

 

A remote user can create a specially crafted TIFF image file that, when loaded by the target user, will trigger a memory corruption flaw in a Microsoft graphics component and execute arbitrary code on the target system. The code will run with the privileges of the target user.

 

Note: Vendor patch is currently unavailable. This vulnerability is being actively exploited.

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows Vista
  • Windows Server 2008
  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office Compatibility Pack Service Pack 3
  • Microsoft Lync 2010
  • Microsoft Lync 2013

Solutions

Note: Vendor patch is currently unavailable.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Wireshark Multiple Denial of Service Vulnerabilities

5 Nov 2013 3111 Views

Next

IBM Java Multiple Vulnerabilities

8 Nov 2013 3057 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY