MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure
2013-05-14 This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- XML External Entities Resolution Vulnerability
- An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities.
CVE-2013-1301
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
Max CVSS
4.3
EPSS Score
2.93%
Published
2013-05-15
Updated
2018-10-12