XML External Entities Vulnerability in Microsoft Visio Products
CVE-2013-1301

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visio
Vendor: CVE Published:; 15 May 2013

What is CVE-2013-1301?

Certain versions of Microsoft Visio, including 2003 SP3, 2007 SP3, and 2010 SP1, contain a vulnerability that allows remote attackers to exploit XML documents containing external entity declarations. This vulnerability could lead to unauthorized access, enabling attackers to read arbitrary files on the system. This highlights the importance of ensuring proper security measures are in place when dealing with XML documents.

References

http://www.us-cert.gov/ncas/alerts/TA13-134A

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

26% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2013
Vulnerability Reserved
Jan 12, 2013