CVE-2013-0096

Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.us-cert.gov/ncas/alerts/TA13-134A	Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16204

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:windows_essentials:2011:::::::*
	cpe:2.3:a:microsoft:windows_essentials:2012:::::::*

History

No history.

Information

Published : 2013-05-15 03:36

Updated : 2024-02-28 12:00

NVD link : CVE-2013-0096

Mitre link : CVE-2013-0096

CVE.ORG link : CVE-2013-0096

JSON object : View

Products Affected

microsoft

windows_essentials

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-0096", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-05-15T03:36:33.357", "references": [{"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-045", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16204", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka \"Windows Essentials Improper URI Handling Vulnerability.\""}, {"lang": "es", "value": "Writer en Microsoft Windows Essentials 2011 y 2012 permite a atacantes remotos eludir las configuraciones de proxy y sobreescribir ficheros arbitrarios mediante par\u00e1metros de la URL especialmente dise\u00f1ados, tambi\u00e9n conocido como \"Vulnerabilidad en la gesti\u00f3n URI incorrecta de Windows Essentials\""}], "lastModified": "2018-10-12T22:03:48.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_essentials:2011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B3790C3-F04A-4D33-B887-DDC1DBB3934B"}, {"criteria": "cpe:2.3:a:microsoft:windows_essentials:2012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28A6D98-ED4C-4DF9-9315-B750A7C9002F"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com", "evaluatorSolution": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-045\r\n\r\n'There is no update available for Windows Essentials 2011. See update FAQ for details.'"}