CVE-2013-3940

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue is related to an integer overflow in the Graphics Device Interface (GDI) that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted image in a Windows Write (.wri) document. This document is not properly handled in WordPad. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting the use of WordPad to minimize the risk of exploitation.