Information disclosure in Microsoft Office

Published: 2013-12-10 00:00:00 | Updated: 2017-03-11
Severity: High
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2013-5054
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: Microsoft Office
Vulnerable software versions: Microsoft Office 2013
Vendor URL: Microsoft

Security Advisory

1) Information disclosure


The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the handling of a specially crafted response when opening a malicious Office file. A remote attacker can create a specially crafted file, host it on a remote website, trick the victim into opening it, and gain access to tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Note: the vulnerability was being actively exploited.


Install update from vendor's website:

Microsoft Office 2013 (32-bit editions):
Microsoft Office 2013 (64-bit editions):
