CVE-2013-1301

CWE-200Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
27.8%
top 3.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Visio
Timeline
PublishedMay 15
Latest updateMay 14

Description

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/visio2003, 2007, 2010+2

🔴Vulnerability Details

2
GHSA
GHSA-rmc5-3xmc-2w3h: Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity decl2022-05-14
CVEList
CVE-2013-1301: Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity decl2013-05-15
CVE-2013-1301 (MEDIUM CVSS 4.3) | Microsoft Visio 2003 SP3 2007 SP3 | cvebase.io