CVE-2013-1301

Microsoft Visio <2010.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-134A
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750

Scores

EPSS 0.1671
EPSS Percentile 96.7%

Details

CWE
CWE-200
Status published
Products (3)
microsoft/visio 2003 sp3
microsoft/visio 2007 sp3
microsoft/visio 2010 sp1
Published May 15, 2013
Tracked Since Feb 18, 2026