CVE-2013-1331
published 2013-06-12

Priority: P181, high; 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
CISA Known Exploited Vulnerability (KEV), due 2022-06-22
Exploited in the wild (ITW)
EPSS: 81.88% (99.6th percentile)

Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."

Affected

2 ranges

Vendor      Product   Version range   Fixed in
microsoft   office
microsoft   office

Detection & IOCs (extracted from sources)

  • The trigger vector is crafted PNG data embedded within an Office document (DOC/Office file format); inspect Office documents for anomalous or oversized PNG streams that may trigger the improper memory allocation leading to the buffer overflow.
  • Affected products are Microsoft Office 2003 SP3 and Office 2011 for Mac only; patched versions are not vulnerable. The CISA KEV remediation deadline was 2022-06-22.
  • Doc 2 covers CVE-2017-0199, a different vulnerability; none of its technical indicators (CLSIDs, DLL versions, network IOCs) are applicable to CVE-2013-1331 and must not be conflated.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.8     HIGH       CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd         v2.0      9.3     CRITICAL   AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck             7.8     HIGH
cisa                  7.8     HIGH