Summary
This host is missing an critical security update according to Microsoft Bulletin MS13-060.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and or cause memory corruption.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-060
Insight
The flaw is due to an error within the Unicode Scripts Processor (USP10.dll) when processing OpenType fonts.
Affected
Microsoft Windows XP x32/64 Edition Service Pack 3 and prior Microsoft Windows 2003 x32/64 Edition Service Pack 2 and prior
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2013-3181 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
- Cumulative Security Update for Internet Explorer (937143)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- ADODB.Stream object from Internet Explorer (KB870669)
- Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)