CVE-2013-3857: Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office WEB Apps

Severity
9.3 CRITICAL (NVD)
EPSS
64.2%
top 1.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 11
Latest update: May 14

Description

Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 3 packages

NVD: microsoft/word 2003, 2007, 2010 +2

🔴Vulnerability Details

2
GHSA
GHSA-mmfx-p324-m9qv: Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2 (2022-05-14)
CVEList
CVE-2013-3857: Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2 (2013-09-11)

📋Vendor Advisories

1
Red Hat
kernel: privilege escalation in sys_oabi_*() in arm kernel (2016-08-05)

💬Community

1
Bugzilla
CVE-2016-3857 kernel: privilege escalation in sys_oabi_*() in arm kernel (2016-10-03)