CVE-2013-3906

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Office 2003 SP3 Microsoft Office 2007 SP3 Microsoft Office 2010 SP1 and SP2 Microsoft Office Compatibility Pack SP3 Microsoft Lync 2010, 2010 Attendee, 2013, and Basic 2013

Description A remote code execution issue exists in the way affected Microsoft components handle specially crafted TIFF files. This could allow remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document. The issue has been exploited in the wild. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For Microsoft Windows Vista SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2, update to a newer version that contains a fix for this issue. For Microsoft Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2, update to a newer version that contains a fix for this issue. For Microsoft Office Compatibility Pack SP3, update to a newer version that contains a fix for this issue. For Microsoft Lync 2010, 2010 Attendee, 2013, and Basic 2013, update to a newer version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of TIFF files from untrusted sources until a patch is available.