Skip to main content

Visio CVE-2013-1301

MEDIUM
Information Exposure (CWE-200)
2013-05-15 secure@microsoft.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 15, 2013 - 03:36 cve.org
MEDIUM 4.3

DescriptionCVE.org

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

AnalysisAI

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.8% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." Affected products include: Microsoft Visio.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Visio

View all
CVE-2012-1888 CRITICAL
9.3 Aug 15

Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code

CVE-2013-0079 CRITICAL
9.3 Mar 13

Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers

CVE-2015-2557 CRITICAL
9.3 Oct 14

Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted U

CVE-2015-2503 CRITICAL
9.3 Nov 11

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, P

CVE-2016-3364 HIGH
7.8 Sep 14

Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Mem

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2022-44695 HIGH
7.8 Dec 13

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no aut

CVE-2024-20673 HIGH
7.8 Feb 13

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic

CVE-2024-38016 HIGH
7.8 Sep 19

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no aut

CVE-2024-43463 HIGH
7.8 Sep 10

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no aut

CVE-2023-21737 HIGH
7.8 Jan 10

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no aut

CVE-2023-21736 HIGH
7.8 Jan 10

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no aut

Share

CVE-2013-1301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy