Information disclosure in Microsoft Office

Published: 2013-12-10 | Updated: 2017-03-11
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2013-5054
CWE ID CWE-200
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Microsoft Office Subscribe
Vendor Microsoft

Security Advisory

This security advisory describes one high risk vulnerability.

1) Information disclosure

Severity: High

CVSSv3: 4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2013-5054

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in handling of a specially crafted response when opening a malicious Office file. A remote attacker can create a specially crafted file using, host it on remote website, trick the victim into opening it and gain access to tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install update from vendor's website:

Microsoft Office 2013 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=4daa3de8-4c70-498c-82d6-fe8250278e5e
Microsoft Office 2013 (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=09f52670-bb42-425a-ac7b-1afddf82faea

Vulnerable software versions

Microsoft Office: 2013

CPE External links

https://technet.microsoft.com/en-us/library/security/ms13-104.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.