{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Office 2003","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office 2010","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office 2007","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Lync 2010 Attendee","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Lync 2010","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Lync 2013","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office Compatibility Pack","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Lync Basic 2013","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"closed_at":"2013-12-10","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2013-3906","url":"https://www.cve.org/CVERecord?id=CVE-2013-3906"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS13-096 du 10 d\u00e9cembre 2013","url":"https://technet.microsoft.com/en-us/security/bulletin/ms13-096"},{"title":"EMET 4.0","url":"http://www.microsoft.com/en-us/download/details.aspx?id=39273"},{"title":"Article blog Microsoft Security Research and Defense    CVE-2013-3906","url":"http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx"}],"reference":"CERTA-2013-ALE-007","revisions":[{"description":"version initiale.","revision_date":"2013-11-06T00:00:00.000000"},{"description":"fermeture de l'alerte, suite \u00e0 la diffusion du correctif par l'\u00e9diteur.","revision_date":"2013-12-10T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans un composant graphique de <span\nclass=\"textit\">Microsoft</span>. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance au moyen d'un fichier\nembarquant une image au format <span class=\"textit\">TIFF</span>\nsp\u00e9cialement con\u00e7ue. Ce fichier peut \u00eatre int\u00e9gr\u00e9 dans un document\nMicrosoft Office, une page Web ou un message electronique.\n","title":"Vuln\u00e9rabilit\u00e9 dans un composant graphique de Microsoft","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft 2896666 du 05 novembre 2013","url":"http://technet.microsoft.com/en-us/security/advisory/2896666"}]}