| Vulnerability Name: | CVE-2013-3159 (CCN-86701) | ||||||||
| Assigned: | 2013-09-10 | ||||||||
| Published: | 2013-09-10 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability." | ||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-3159 Source: CCN Type: Microsoft Security Bulletin MS13-073 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300) Source: CCN Type: Microsoft Security Bulletin MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Source: CCN Type: Microsoft Security Bulletin MS14-083 Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: CERT Type: US Government Resource TA13-253A Source: MS Type: UNKNOWN MS13-073 Source: XF Type: UNKNOWN ms-excel-cve20133159-info-disc(86701) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:18686 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||