CVE-2013-3847

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

64.2%

top 1.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Apps Microsoft Sharepoint Foundation Microsoft Sharepoint Portal Server +3 more

Timeline

PublishedSep 11

Latest updateMay 14

Description

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

▶NVDmicrosoft/word2003, 2007, 2010+2

▶NVDmicrosoft/office_web_apps2010

▶NVDmicrosoft/sharepoint_services2.0, 3.0+1

▶NVDmicrosoft/sharepoint_server2010

▶NVDmicrosoft/sharepoint_portal_server2003

🔴Vulnerability Details

GHSA

GHSA-5q76-mqhx-jj3x: Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 20↗2022-05-14

▶

CVEList

CVE-2013-3847: Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 20↗2013-09-11

▶