Detections
Analytics
MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
medium Nessus Plugin ID 66421
Language:
Synopsis
An application on the remote Windows host has an information disclosure vulnerability.Description
The version of Windows Essentials 2011 or 2012 installed on the remote host has an information disclosure vulnerability. Windows Writer, part of Windows Essentials, fails to properly handle specially crafted URLs.A remote attacker could exploit this by tricking a user into opening a maliciously crafted URL to override Windows Writer proxy settings and overwrite files accessible to the user.
Solution
Microsoft has released a patch for Windows Essentials 2012.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-045
Plugin Details
Severity: Medium
ID: 66421
File Name: smb_nt_ms13-045.nasl
Version: 1.8
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 5/15/2013
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:microsoft:windows_essentials
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 5/14/2013
Vulnerability Publication Date: 5/14/2013
Reference Information
CVE: CVE-2013-0096
BID: 59783
MSFT: MS13-045
MSKB: 2813707