Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Sharepoint Services
  • Office Compatibility Pack
  • Office Web Apps
  • Sharepoint Server
  • Sharepoint Portal Server
  • Office
  • Sharepoint Foundation
  • Excel Viewer
  • Excel

Configuration 1 [-]

OR cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*
cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:excel:2013:*:*:*:*:x86:*:*
cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
References
Link Resource
http://www.us-cert.gov/ncas/alerts/TA13-253A Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2013-09-11T10:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2013-01-12T00:00:00

Link: CVE-2013-1315

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2013-09-11T14:03:48.027

Modified: 2023-10-03T15:37:36.293

Link: CVE-2013-1315

JSON object: View

cve-icon Redhat Information

No data.

CWE