⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2013-5054Sensitive Information Exposure in Microsoft Office

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
11.4%
top 6.40%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft Office
Timeline
PublishedDec 11
Latest updateMay 14

Description

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xx2r-34w4-h84r: Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Offic2022-05-14
VulnCheck
Microsoft Office Exposure of Sensitive Information to an Unauthorized Actor2013

🕵️Threat Intelligence

2
Talos
Microsoft Update Tuesday: December 2013, some 0-day fixes2013-12-10
Talos
Microsoft Update Tuesday: December 2013, some 0-day fixes2013-12-10
CVE-2013-5054 — Sensitive Information Exposure | cvebase