CVE-2013-1301

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.us-cert.gov/ncas/alerts/TA13-134A	Third Party Advisory US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:visio:2003:sp3::::::
	cpe:2.3:a:microsoft:visio:2007:sp3::::::
	cpe:2.3:a:microsoft:visio:2010:sp1::::::

Information

Published : 2013-05-14 20:36

Updated : 2018-10-12 15:04

NVD link : CVE-2013-1301

Mitre link : CVE-2013-1301

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

microsoft

visio

4.3 /10