MS13-078 Vulnerability in FrontPage Could Allow Information Disclosure
2013-09-10 This security update resolves a privately reported vulnerability in Microsoft FrontPage. The vulnerability could allow information disclosure if a user opens a specially crafted FrontPage document. The vulnerability cannot be exploited automatically; for an attack to be successful a user must be convinced to open the specially crafted document.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- XML Disclosure Vulnerability
- An information disclosure vulnerability exists in FrontPage that could allow an attacker to disclose the contents of a file on a target system.
CVE-2013-3137
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
0.96%
Published
2013-09-11
Updated
2018-10-12