PT-2013-4190 · Microsoft · Office Word

Aleksey Osipov +2 · Published 2013-09-11 · Updated 2018-10-12 · CVE-2013-3160

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions 2003 SP3 through 2007 SP3
Word versions 2003 SP3 through 2007 SP3
Word Viewer (affected versions not specified)

Description

The issue is related to an XML External Entity (XXE) problem, where an XML document containing an external entity declaration in conjunction with an entity reference can be used to read arbitrary files. This occurs because of the way Microsoft Word parses specially crafted XML files containing external entities, leading to an information disclosure vulnerability.

Recommendations

For Microsoft Office versions 2003 SP3 through 2007 SP3, consider disabling the parsing of external entities in XML files as a temporary workaround until a patch is available.
For Word versions 2003 SP3 through 2007 SP3, restrict access to specially crafted XML files to minimize the risk of exploitation.
For Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
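
One way to act on the recommendation to restrict access to specially crafted XML files is to screen XML documents before they are opened in Word. The following is an added example, not part of the original advisory: it uses Python's standard `xml.parsers.expat` to list external entity declarations without resolving them. The function names and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


def find_external_entities(data: bytes):
    """Return (name, kind, system_id) for every external declaration found."""
    findings = []
    # No ExternalEntityRefHandler is installed, so expat never fetches
    # the resource an entity points at; declarations are only reported.
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones have
        # value None plus a SYSTEM and/or PUBLIC identifier.
        if value is None and (system_id is not None or public_id is not None):
            kind = "parameter" if is_param else "general"
            findings.append((name, kind, system_id))

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An external DTD subset can itself declare external entities.
        if system_id is not None or public_id is not None:
            findings.append((name, "doctype", system_id))

    parser.EntityDeclHandler = on_entity_decl
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        pass  # malformed input: keep whatever was seen before the error
    return findings


def screen(data: bytes) -> str:
    """Verdict for a mail or file gateway: hold anything with external entities."""
    return "quarantine" if find_external_entities(data) else "pass"


# Constructed samples (not taken from the advisory); the SYSTEM id is a placeholder.
SAMPLE_FLAGGED = (b'<?xml version="1.0"?>\n'
                  b'<!DOCTYPE doc [ <!ENTITY xxe SYSTEM "file:///PLACEHOLDER"> ]>\n'
                  b'<doc>&xxe;</doc>')
SAMPLE_BENIGN = (b'<?xml version="1.0"?>\n'
                 b'<!DOCTYPE doc [ <!ENTITY greet "hello"> ]>\n'
                 b'<doc>&greet;</doc>')

if __name__ == "__main__":
    for label, sample in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, screen(sample), find_external_entities(sample))
```

A file that declares only internal entities passes, so ordinary documents are not held back by the check.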

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2013-3160

Affected Products

Office
Office Word
Word Viewer