MS13-044  Vulnerability in Microsoft Visio Could Allow Information Disclosure

2013-05-14 This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Vulnerabilities addressed in this bulletin:
XML External Entities Resolution Vulnerability
An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities.
CVE-2013-1301

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2013-1301

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
Max CVSS
4.3
EPSS Score
2.93%
Published
2013-05-15
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close