XML External Entities Vulnerability in Microsoft Visio Products
CVE-2013-1301

Currently unrated

Key Information:

Vendor
Microsoft
Status
Visio
Vendor
CVE Published:
15 May 2013

Summary

Certain versions of Microsoft Visio, including 2003 SP3, 2007 SP3, and 2010 SP1, contain a vulnerability that allows remote attackers to exploit XML documents containing external entity declarations. This vulnerability could lead to unauthorized access, enabling attackers to read arbitrary files on the system. This highlights the importance of ensuring proper security measures are in place when dealing with XML documents.

References

http://www.us-cert.gov/ncas/alerts/TA13-134A
third-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.