Oval Definition: oval:org.mitre.oval:def:21019
Revision Date: 2014-09-01
Version: 43
Title: Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906) - MS13-096
Description: GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2013-3906
Platform(s):
Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Microsoft Excel Viewer 2007
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Lync Basic 2013
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft PowerPoint Viewer 2010
Microsoft Word Viewer
Definition Synopsis
  • For vulnerable OS and vulnerable file version
    • For OS
      • Microsoft Windows Vista (32-bit) is installed
      • OR Microsoft Windows Vista x64 Edition is installed
      • OR Microsoft Windows Server 2008 (32-bit) is installed
      • OR Microsoft Windows Server 2008 (64-bit) is installed
      • OR Microsoft Windows Server 2008 (ia-64) is installed
    • AND For GDR/LDR
      • Check if the version of Gdiplus.dll is less than 6.0.6002.18971
      • OR For LDR
        • Check if version of Gdiplus.dll is greater than or equal to 6.0.6002.22000
        • AND Check if the version of Gdiplus.dll is less than 6.0.6002.23256
  • OR For Office 2003 SP3 and vulnerable file version
    • Microsoft Office 2003 SP3 is installed
    • AND Check if the version of Gdiplus.dll is less than 11.0.8408
  • OR For Word Viewer 2003/SP3 and vulnerable file version
    • Microsoft Word Viewer 2003 SP3 is installed
    • AND Check if the version of Gdiplus.dll is less than 11.0.8408
  • OR For Office 2007 SP3 and vulnerable file version
    • Microsoft Office 2007 SP3 is installed
    • AND Check if the version of Ogl.dll is less than 12.0.6688.5000
  • OR For Office Compatibility Pack/SP3 and vulnerable file version
    • Microsoft Office Compatibility Pack SP3 is installed
    • AND Check if the version of Ogl.dll is less than 12.0.6688.5000
  • OR For MS Excel Viewer 2007/SP3 and vulnerable file version
    • Microsoft Excel Viewer 2007 SP3 is installed
    • AND Check if the version of Ogl.dll is less than 12.0.6688.5000
  • OR For Office 2010 SP2 and vulnerable file version
    • Microsoft Office 2010 SP2 is installed
    • AND Check if the version of Ogl.dll is less than 14.0.7110.5004
  • OR For PowerPoint Viewer 2010/SP1/SP2 and vulnerable file version
    • For PowerPoint Viewer 2010
      • Microsoft PowerPoint Viewer 2010 SP1 is installed
      • OR Microsoft PowerPoint Viewer 2010 SP2 is installed
    • AND Check if the version of Ogl.dll is less than 14.0.7110.5004
  • OR For vulnerable Microsoft Lync 2010
    • Microsoft Lync 2010 is installed
    • AND Check if the version of Communicator.exe (Lync 2010) is less than 4.0.7577.4415
  • OR For vulnerable Microsoft Lync 2010 attendee (admin)
    • Microsoft Lync 2010 Attendee (admin level install) is installed
    • AND Check if the version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4415
  • OR For vulnerable Microsoft Lync 2010 attendee (user)
    • Microsoft Lync 2010 Attendee (user level install) is installed
    • AND Check if the version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4415
  • OR For vulnerable Microsoft Lync Basic 2013
    • Microsoft Lync Basic 2013 is installed
    • AND Check if the version of Autohelper.dll is less than 15.0.4547.1000