CVE-2013-5054

EXPLOITED IN THE WILD

Microsoft Office 2013-2013 RT - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-5054 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."

References (1)

Core 1
Core References

Scores

EPSS 0.1277
EPSS Percentile 95.8%

Details

VulnCheck KEV 2013-12-10
InTheWild.io 2018-10-12
CWE
CWE-200
Status published
Products (2)
microsoft/office 2013 (2 CPE variants)
microsoft/office_2013_rt
Published Dec 11, 2013
Tracked Since Feb 18, 2026