Microsoft Security Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

CVE-2013-3906: a graphics vulnerability exploited through Word documents - Security Research & Defense
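Unpatched vulnerability in Microsoft products; attacks using malicious Word documents confirmed - ITmedia News
Applied Microsoft Fix it 51004 only to the XP machines that have Office 2003 installed.
Added 11/8
Microsoft Security Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (Japanese edition)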
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release - MSRC

For Office:

  • Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
  • Office 2010 is affected only if installed on Windows XP or Windows Server 2003. Office 2010 is not affected when installed on Windows Vista or newer systems.
  • Office 2013 is not affected, regardless of OS platform.



For Windows:

  • Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
  • Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.



For Lync clients:

  • All supported versions of Lync client are affected but are not known to be under active attack.