<< Back
CVE Number Vulnerability Product Severity Date
MS13-104 Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976) Microsoft Office Important 11-12-2013

Technical Information

Brief overview of the risk:
This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website.
Detailed Information on the risk:

An information disclosure vulnerability exists when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.


Further information on this exploit is available at : MS13-104

Affected Software

Microsoft Office 2013 (32-bit editions)
Microsoft Office 2013 (64-bit editions)