Lucene search

[email protected]CVE-2013-0096

HistoryMay 15, 2013 - 3:36 a.m.

CVE-2013-0096

2013-05-1503:36:33

CWE-264

[email protected]

web.nvd.nist.gov

117

windows essentials

2011

2012

remote code execution

cve-2013-0096

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.331 Low

EPSS

Percentile

97.1%

JSON

Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka “Windows Essentials Improper URI Handling Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_essentialsMatch2011

microsoftwindows_essentialsMatch2012

CPENameOperatorVersion
microsoft:windows_essentialsmicrosoft windows essentialseq2011
microsoft:windows_essentialsmicrosoft windows essentialseq2012

CPE	Name	Operator	Version
microsoft:windows_essentials	microsoft windows essentials	eq	2011
microsoft:windows_essentials	microsoft windows essentials	eq	2012

References

www.us-cert.gov/ncas/alerts/TA13-134A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-045

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16204

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.331 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2013-0096

prion1 nvd1 cvelist1 nessus1 securityvulns1 symantec1 openvas2 mskb1 checkpoint_advisories1