CVE-2013-3160

Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

Published: Sep 11, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-3160
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / office	2007-sp3	2007-sp3.x
microsoft / word	2003-sp3	2003-sp3.x
microsoft / word_viewer	-	-
microsoft / office	2003-sp3	2003-sp3.x
microsoft / word	2007-sp3	2007-sp3.x

http://www.us-cert.gov/ncas/alerts/TA13-253A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18819

Vulnerability Database

289,697

CVE-2013-3160