CVE-2013-3174

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows Server 2012

Description A remote code execution issue exists in the way Microsoft DirectShow parses GIF image files. This could allow remote code execution if a user opens a specially crafted GIF file. If a user is logged on with administrative user rights, an attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations For Microsoft Windows XP SP2 and SP3, consider disabling the handling of GIF files in DirectShow until a patch is available. For Microsoft Windows Server 2003 SP2, restrict access to GIF files to minimize the risk of exploitation. For Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012, avoid opening specially crafted GIF files until the issue is resolved. As a temporary workaround, consider disabling the DirectShow component that handles GIF files until a patch is available.