CVE-2013-3159Improper Input Validation in Microsoft Excel

CWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
25.4%
top 3.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedSep 11
Latest updateMay 14

Description

Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/excel2003, 2007, 2010+2

🔴Vulnerability Details

2
GHSA
GHSA-4vq7-844p-76r2: Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arb2022-05-14
CVEList
CVE-2013-3159: Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arb2013-09-11

📋Vendor Advisories

1
Red Hat
xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172)2016-03-24
CVE-2013-3159 — Improper Input Validation in Microsoft | cvebase