Arnaud Maillet

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions 2013 Gold, SP1, RT, and RT SP1 **Description** The issue is related to the improper handling of a specially crafted response when attempting to open an Office document hosted on a malicious website. This allows an attacker to obtain access tokens used for authenticating the current user on a targeted Microsoft online service. **Recommendations** For Microsoft Office 2013 Gold, SP1, RT, and RT SP1, update to a version that properly handles specially crafted responses to prevent access token disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.