Description
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-134A
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044
Scores
EPSS
0.1671
EPSS Percentile
96.7%
Details
CWE
CWE-200
Status
published
Products (3)
microsoft/visio
2003 sp3
microsoft/visio
2007 sp3
microsoft/visio
2010 sp1
Published
May 15, 2013
Tracked Since
Feb 18, 2026