CVE-2013-3160

Microsoft Office 2003 SP3 and 2007 SP3 - XML External Entity Injection

Title source: llm
STIX 2.1

Description

Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18819
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-253A

Scores

EPSS 0.2416
EPSS Percentile 97.6%

Details

CWE
CWE-200
Status published
Products (5)
microsoft/office 2003 sp3
microsoft/office 2007 sp3
microsoft/word 2003 sp3
microsoft/word 2007 sp3
microsoft/word_viewer
Published Sep 11, 2013
Tracked Since Feb 18, 2026