Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
Date: 6 November 2013
The purpose of this alert is to raise awareness of a reported vulnerability in the Microsoft Graphics component.
CCIRC is aware of reports of a remote code execution vulnerability in some Microsoft products that affects the way components handle specially crafted TIFF images.
An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. If successful, the attacker could gain the same user rights as the current user. The impact therefore ranges from an attacker gaining access to an account with few rights to an attacker gaining control of an account that operates with full administrative rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability. With no way to force the user to visit the site, the attacker would need to influence the user to visit the website by clicking on a link in an email message or Instant Messenger message or by opening an attachment.
Through the Microsoft Active Protections Program (MAPP), Microsoft is providing its partners with information that they can use to offer broader protection to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help its customers. This may include the release of a security update through its monthly release process or providing an out-of-cycle security update, depending on customer needs.
Microsoft Windows Operating Systems:
- Windows Vista Service Pack 2 (and similar versions)
- Windows Server 2008 for 32-bit Systems Service Pack 2 (and similar versions)
Microsoft Office Suites and Software:
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 (all versions, Service Pack 2 and below)
- Microsoft Office Compatibility Pack Service Pack 3
Microsoft Communication Platforms and Software:
- Microsoft Lync 2010 (and similar versions)
- Microsoft Lync 2013 (and similar versions)
Microsoft Security Advisory: 2896666
Microsoft Knowledge Base Article: CVE-2013-3906
CCIRC is recommending that system administrators review Microsoft's Security Advisory 2896666 for an overview of the issue, details on affected components, suggested actions, frequently asked questions (FAQ) and links to additional resources.
- A patch is not available at this time for this vulnerability; however, Microsoft is providing a Fix it solution, "Disable TIFF codec".
- Microsoft reports that the Enhanced Mitigation Experience Toolkit (EMET 3.0/4.0) makes the vulnerability harder to exploit.
- Microsoft Security Advisory 2896666 - Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution - http://technet.microsoft.com/security/advisory/2896666
- Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc
- Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc
- Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note that the CCIRC PGP key has recently been updated.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118