Main Vulnerability Database Vulnerabilities #VU42844

Permissions, Privileges, and Access Controls in Windows Essentials - CVE-2013-0096

Published: May 15, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42844

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-0096

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows Essentials

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-045 'There is no update available for Windows Essentials 2011. See update FAQ for details.'

How to mitigate CVE-2013-0096

Install update from vendor's website.

Permissions, Privileges, and Access Controls in Windows Essentials - CVE-2013-0096

Detailed vulnerability description

How to mitigate CVE-2013-0096

Sources

Please verify you're human