CVE-2013-1331
HIGH KEVMicrosoft Office 2003 SP3 and Office 2011 for Mac - Remote Code Execution via Crafted PNG Data
Title source: llmExploitation Summary
CVE-2013-1331 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
References (5)
Core 5
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1331
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16713
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-168A
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16732
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-051
Scores
CVSS v3
7.8
EPSS
0.8892
EPSS Percentile
99.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-06-08
VulnCheck KEV
2016-04-01
InTheWild.io
2018-10-12
ENISA EUVD
EUVD-2013-1371
CWE
CWE-120
Status
published
Products (2)
microsoft/office
2003 sp3
microsoft/office
2011
Published
Jun 12, 2013
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026