PT-2013-3059 · Microsoft · Office Visio
Timur Yunusov · Published 2013-05-14 · Updated 2018-10-12 · CVE-2013-1301
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Visio versions 2003 SP3 through 2010 SP1
Description
An information disclosure issue exists due to the way Microsoft Visio handles specially crafted XML files containing external entities. This allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference.
Recommendations
For Microsoft Visio versions 2003 SP3 through 2010 SP1, consider restricting the parsing of external entities in XML files to minimize the risk of information disclosure until a patch is available. As a temporary workaround, avoid using Microsoft Visio to open XML files from untrusted sources.
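One way to screen untrusted XML before it reaches an affected Visio installation is to list the external entities its DTD declares, without resolving any of them. The following is an added example, not part of the original advisory and not Microsoft's fix; the function name `external_entities` and the sample documents are constructed for illustration.

```python
import xml.parsers.expat

def external_entities(xml_bytes):
    """Return (name, system_id, public_id) for each external reference in the DTD.

    No ExternalEntityRefHandler is installed, so expat only reports the
    declarations and never fetches the resources they point to.
    """
    found = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE doc SYSTEM "..."> pulls in an external DTD subset.
        if system_id or public_id:
            found.append(("<external DTD subset>", system_id, public_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones have value None
        # and a SYSTEM/PUBLIC identifier instead.
        if value is None and (system_id or public_id):
            found.append((name, system_id, public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError:
        # Fail closed: a file that cannot be parsed is not cleared for opening.
        found.append(("<unparseable>", None, None))
    return found

# Constructed samples (not taken from the advisory).
SAMPLE_EXTERNAL = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE doc [ <!ENTITY ext SYSTEM "file:///PLACEHOLDER"> ]>\n'
    b'<doc><Text>&ext;</Text></doc>'
)
SAMPLE_INTERNAL = b'<!DOCTYPE doc [ <!ENTITY a "b"> ]><doc>&a;</doc>'
SAMPLE_CLEAN = b'<?xml version="1.0"?><doc><Text>plain</Text></doc>'

if __name__ == "__main__":
    for label, data in [("external", SAMPLE_EXTERNAL),
                        ("internal", SAMPLE_INTERNAL),
                        ("clean", SAMPLE_CLEAN)]:
        hits = external_entities(data)
        print(label, "-> quarantine" if hits else "-> ok", hits)
```

A non-empty result means the file should be held back rather than opened; an empty result only says that no external entity or external DTD subset is declared.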
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Office Visio