CVE-2013-1331
Published 2013-06-12
CVE-2013-1331: Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office…
Priority P1 · 81 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW
CISA Known Exploited Vulnerability · due 2022-06-22
Exploited in the wild
EPSS 81.88% · 99.6th percentile
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
Detection & IOCs (extracted from sources)
- Trigger vector is crafted PNG data embedded within an Office document (DOC/Office file format); inspect Office documents for anomalous or oversized PNG streams that may trigger improper memory allocation leading to buffer overflow.
- Affected products are Microsoft Office 2003 SP3 and Office 2011 for Mac only; patched versions are not vulnerable. CISA KEV remediation deadline was 2022-06-22.
- Doc 2 covers CVE-2017-0199, a different vulnerability; none of its technical indicators (CLSIDs, DLL versions, network IOCs) are applicable to CVE-2013-1331 and must not be conflated.
CVSS provenance
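| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |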
GHSA
GHSA-h8gm-f3pp-ppg9: Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Offi
ghsa_unreviewed·2022-05-14
CVE-2013-1331 [HIGH] CWE-119 GHSA-h8gm-f3pp-ppg9: Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Offi
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
VulnCheck
Microsoft Office Buffer Overflow Vulnerability
vulncheck·2013·CVSS 7.8
CVE-2013-1331 [HIGH] CWE-119 Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
Affected: Microsoft Office
Required Action: Apply updates per vendor instructions.
Exploitation References: http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf; https://dl.acm.org/doi/pdf/10.1145/3465481.3465758; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.fortinet.com/blog/threat-research/an-inside-look-at-cve-2017-0199-hta-and-scriptlet-file-handler-vulnerability
Remediation Due: 2022-06-22
CISA
Microsoft Office Buffer Overflow Vulnerability
cisa·2022-06-08·CVSS 7.8
CVE-2013-1331 [HIGH] CWE-119 Microsoft Office Buffer Overflow Vulnerability
Vulnerability: Microsoft Office Buffer Overflow Vulnerability
Affected: Microsoft Office
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-1331
Remediation Due Date: 2022-06-22
No detection rules found.
Exploit-DB
Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery
exploitdb·2014-01-06·CVSS 6.8
CVE-2013-6922 [MEDIUM] Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery
---
# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6922
#
## Description:
#
# There are multiple CSRF attacks possible, the proof of concept shows how it is possible to add
# a user with administrative privileges to the system.
#
# It is also possible to:
#
# 1. Factory reset the device
# 2. Reboot the device
# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes
#
# This vulnerability was reported t
Exploit-DB
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
exploitdb·2014-01-06·CVSS 4.3
CVE-2013-6923 [MEDIUM] Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
---
# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6923
#
## Description:
#
# When adding a user to the device, it is possible to enter a full name. This input field does not
# sanitize its input and it is possible to enter any payload which will get executed upon reload.
#
# The workgroup configuration is also vulnerable to persistent XSS. The Work Group
Exploit-DB
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
exploitdb·2014-01-06·CVSS 9.8
CVE-2013-6924 [CRITICAL] Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
---
# Exploit Title: Seagate BlackArmor NAS - Remote Command Execution
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6924
#
## Description:
#
# The file getAlias.php located in /backupmgt has the following lines:
#
# $ipAddress = $_GET["ip"];
# if ($ipAddress != "") {
# exec("grep -I $ipAddress $immedLogFile > aliasHistory.txt");
# ..
# ..
# }
#
# The GET parameter can easily be manipulated to execute commands on the BlackArmor system.
#
## Proof of Concept:
#
# http(s):///
Fortinet
An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability
blogs_fortinet·2017-06-04·CVSS 7.8
CVE-2017-0199 [HIGH] An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability
By Wayne Chin Yick Low | June 04, 2017
FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft and the patch was released in April 2017. Due to its simplicity, it can be easily exploited by attackers. It has also been found in the wild by other vendors. We have also blogged about some samples recently found in a spear phishing attack.
While there are plenty of articles discussing this vulnerability, most of them are intended for technical readers and primarily focus on how to create proof-of-concept (POC) for the vulnerability. If you are looking for an easy-to-understand article, we found
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-11-2013
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler found Multiple Security Vulnerabilities | 06-11-2013
- http://www.us-cert.gov/ncas/alerts/TA13-168A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16713
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16732
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1331
2013-06-12 · Published
2022-06-08 · Added to CISA KEV
Exploited in the wild