CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS13-104 | Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976) | Microsoft Office | Important | 11-12-2013 |
Technical Information
Brief overview of the risk:
This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website.
Detailed Information on the risk:
An information disclosure vulnerability exists when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.
Further information on this exploit is available at : MS13-104
Affected Software
Microsoft Office 2013 (32-bit editions)Microsoft Office 2013 (64-bit editions)