CVE-2013-3906: a graphics vulnerability exploited through Word documents - Security Research & Defense
Microsoft製品に未解決の脆弱性、不正なWordを使った攻撃確認 - ITmedia ニュース
Office 2003 がインストールされている XP機のみ Microsoft Fix it 51004 適用。
マイクロソフト セキュリティ アドバイザリ (2896666) Microsoft Graphics コンポーネントの脆弱性により、リモートでコードが実行される
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release - MSRC
- Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
- Office 2010 is affected only if installed on Windows XP or Windows Server 2003. Office 2010 is not affected when installed on Windows Vista or newer systems.
- Office 2013 is not affected, regardless of OS platform.
- Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
- Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.
For Lync clients:
- All supported versions of Lync client are affected but are not known to be under active attack.