CVE-2013-5054
EXPLOITED IN THE WILDMicrosoft Office 2013-2013 RT - Info Disclosure
Title source: llmExploitation Summary
CVE-2013-5054 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-104
Scores
EPSS
0.1277
EPSS Percentile
95.8%
Details
VulnCheck KEV
2013-12-10
InTheWild.io
2018-10-12
CWE
CWE-200
Status
published
Products (2)
microsoft/office
2013 (2 CPE variants)
microsoft/office_2013_rt
Published
Dec 11, 2013
Tracked Since
Feb 18, 2026