New Search

XML External Entities Resolution Vulnerability (CVE-2013-3159) - MS13-073

oval:org.mitre.oval:def:18686

Microsoft Excel 2003 SP3 2007 SP3 and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue aka "XML External Entities Resolution Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
  • Microsoft Windows Server 2012
  • Microsoft Windows 7
  • Microsoft Windows 2000
  • Microsoft Windows Server 2008
  • Microsoft Windows 8
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008 R2
Class:
vulnerability
Reference(s):
  • CVE-2013-3159
Product(s):
  • Microsoft Excel Viewer 2007
  • Microsoft Excel 2003
  • Microsoft Office Compatibility Pack
  • Microsoft Excel 2010
  • Microsoft Excel 2007