Oval Definition:	oval:org.mitre.oval:def:18819
Revision Date: 2014-06-30 Version: 17 Title: Word Memory Corruption Vulnerability (CVE-2013-3160) - MS13-072 Description: Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2013-3160 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft Office Compatibility Pack Microsoft Word 2003 Microsoft Word 2007 Microsoft Word Viewer Definition Synopsis word 2003/versions either files Check if the version of mso.dll is less than 11.0.8405 OR Check if the version of winword.exe is less than 11.0.8406 AND Microsoft Word 2003 SP3 is installed OR word 2007/versions either files Check if the version of mso.dll is less than 12.0.6683.5000 OR Check if the version of winword.exe is less than 12.0.6683.5001 AND Microsoft Word 2007 SP3 is installed OR word viewer/versions Microsoft Word Viewer 2003 SP3 is installed AND Check if the version of wordview is less than 11.0.8406 OR office compatibility pack/version Check if the version of wordcnv.dll is less than 12.0.6683.5001 AND Microsoft Office Compatibility Pack SP3 is installed
BACK