CVE-2013-3906: a graphics vulnerability exploited through Word documents - Security Research & Defense
Microsoft製品に未解決の脆弱性、不正なWordを使った攻撃確認 - ITmedia ニュース
Office 2003 がインストールされている XP機のみ Microsoft Fix it 51004 適用。
11/8 追記
マイクロソフト セキュリティ アドバイザリ (2896666) Microsoft Graphics コンポーネントの脆弱性により、リモートでコードが実行される
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release - MSRC
For Office:
- Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
- Office 2010 is affected only if installed on Windows XP or Windows Server 2003. Office 2010 is not affected when installed on Windows Vista or newer systems.
- Office 2013 is not affected, regardless of OS platform.
For Windows:
- Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
- Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.
For Lync clients:
- All supported versions of Lync client are affected but are not known to be under active attack.