What is the severity of CVE-2013-3906?

CVE-2013-3906 has a CVSS v3 score of 7.8, which is classified as High severity.

Is there an exploit available for CVE-2013-3906?

Yes, there are known exploits available for CVE-2013-3906. Immediate patching is recommended.

Is there a patch available for CVE-2013-3906?

Yes, patches are available for CVE-2013-3906. Check the vendor advisories for update instructions.

CVE-2013-3906

Published: May 12, 2026

Last updated:6 hours ago (May 12, 2026)

Exploit: YesZero-day: YesPatch: YesTrend: Neutral

TL;DR

Updated May 12, 2026

CVE-2013-3906 is a high severity vulnerability with a CVSS score of 7.8. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.

Key Points

1High severity (CVSS 7.8/10)
2EPSS: 92.00% - very high likelihood of exploitation
3Public exploits are available
4Vendor patches are available
5Strobes Priority Score: 891/1000 (High)
6Affects products from: Microsoft

Test this CVE with Agentic AI

Deploy autonomous AI agents to validate this vulnerability in your environment.

Severity Scores

CVSS v37.8

CVSS v29.3

Priority Score891.0

EPSS Score92.0

High

Exploitation LikelihoodCritical

92.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

92.00%

EPSS

7.8

CVSS

Yes

Exploit

Yes

Patch

High Priority

high EPSS • exploit exists

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

CVSS v3 Breakdown

Attack Vector:Local

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Exploit-DB Cisa.gov Blogs.mcafee.com Blogs.technet.com Exploit-db.com Metasploit Proofpoint Emerging Threats

Patch References

[email protected][email protected]Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Word Viewer
Microsoft	Office Compatibility Pack
Microsoft	Office
Microsoft	Powerpoint Viewer
Microsoft	Lync
Microsoft	Windows Server 2008
Microsoft	Windows Vista
Microsoft	Excel Viewer

Advisories

GitHub Advisory NVD

Threat Intelligence

Threat Actors (2)

Iridium IRIDIUM

Cite This Page

APA Format

Strobes VI. (2026). CVE-2013-3906 - CVE Details and Analysis. Strobes VI. Retrieved May 13, 2026, from https://vi.strobes.co/cve/CVE-2013-3906

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

Microsoft

Word Viewer

Microsoft

Office Compatibility Pack

Microsoft

Office

Microsoft

Powerpoint Viewer

Microsoft

Lync

Microsoft

Windows Server 2008

Microsoft

Windows Vista

Microsoft

Excel Viewer

CVE-2013-3906

Threat Intelligence

Ready for Agentic Automated Testing?

CVE-2013-3906

Threat Intelligence