CVE-2013-1301
Summary
| CVE | CVE-2013-1301 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-05-15 03:36:00 UTC |
| Updated | 2018-10-12 22:04:00 UTC |
| Description | Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Visio | 2003 | sp3 | All | All |
| Application | Microsoft | Visio | 2007 | sp3 | All | All |
| Application | Microsoft | Visio | 2010 | sp1 | All | All |
| Application | Microsoft | Visio | 2003 | sp3 | All | All |
| Application | Microsoft | Visio | 2007 | sp3 | All | All |
| Application | Microsoft | Visio | 2010 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Updates for Multiple Vulnerabilities | US-CERT | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Microsoft Security Bulletin MS13-044 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.