Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2013-3906 is a high severity vulnerability with a CVSS score of 7.8. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
Very high probability of exploitation in the next 30 days
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
| Vendor | Product |
|---|---|
| Microsoft | Lync |
| Microsoft | Office |
| Microsoft | Powerpoint Viewer |
| Microsoft | Word Viewer |
| Microsoft | Office Compatibility Pack |
| Microsoft | Excel Viewer |
| Microsoft | Windows Vista |
| Microsoft | Windows Server 2008 |