CyberSec.Space Logo
Back to CVE Browser

CVE-2013-3906

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score49.3410%
EPSS Percentile90.04th
PublishedNov 6, 2013
Last ModifiedApr 22, 2026

Vulnerability Description

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Excel Viewer

All versions
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2013
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2010
πŸ“¦
Microsoft

Office

= 2010
πŸ“¦
Microsoft

Office Compatibility Pack

All versions
πŸ“¦
Microsoft

Powerpoint Viewer

= 2010
πŸ“¦
Microsoft

Powerpoint Viewer

= 2010
πŸ“¦
Microsoft

Word Viewer

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Vista

All versions

References & Advisories

πŸ”— http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2
πŸ”— http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx
πŸ”— http://technet.microsoft.com/security/advisory/2896666
πŸ”— http://www.exploit-db.com/exploits/30011
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096
πŸ”— http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2
πŸ”— http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx
πŸ”— http://technet.microsoft.com/security/advisory/2896666

Related Vulnerabilities

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2008-00819.8

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted ...

CVE-2007-12039.3

Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assiste...

CVE-2007-00289.3

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcode...