CVE-2013-3906

ENISA EUVD: EUVD-2013-3838 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 3 articles Published: 2013-11-06

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

92.45%

probability

This CVE has a 92.45% probability of being exploited in the next 30 days.

0% Top 99.7th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

Affected Products

n/a

microsoft

excel viewer

microsoft

lync

microsoft

office

microsoft

office compatibility pack

microsoft

powerpoint viewer

n/a

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-913 · Improper Control of Dynamically-Managed Code Resources CWE-94 · Code Injection

Exploits & PoC

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096

vendor-advisory x_refsource_MS

http://www.exploit-db.com/exploits/30011

exploit x_refsource_EXPLOIT-DB

http://technet.microsoft.com/security/advisory/2896666

x_refsource_CONFIRM

http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx

x_refsource_CONFIRM

http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

85%

EPSS 92.45%

CVSS v3.1 7.8

Mentions 3

CNA Information

CNA Assigner

microsoft

Analyst Note

CVE-2013-3906 is a Microsoft Office/Graphics Component zero-day actively exploited in the wild via drive-by attacks and malicious Word documents. Article [1] explicitly documents active FireEye-detected attacks before patch availability, and article [3] indicates no patch was available as of November 2013 Patch Tuesday—confirming exploitation preceded vendor remediation.

Threat Actors 3

Kinsing

apt_group 🇷🇺 RU

ELECTRUM

apt_group Information theft and espionage 🇷🇺 RU

TeamTNT

apt_group 🇩🇪 DE

Triage Info

Decided atMar 20, 2026

Published DateNov 06, 2013