CVE-2013-3160
Microsoft Office 2003 SP3 and 2007 SP3 - XML External Entity Injection
Title source: llmDescription
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18819
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-253A
Scores
EPSS
0.2416
EPSS Percentile
97.6%
Details
CWE
CWE-200
Status
published
Products (5)
microsoft/office
2003 sp3
microsoft/office
2007 sp3
microsoft/word
2003 sp3
microsoft/word
2007 sp3
microsoft/word_viewer
Published
Sep 11, 2013
Tracked Since
Feb 18, 2026