CVE-2014-1808

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2013 Gold, SP1, RT, and RT SP1

Description The issue is related to the improper handling of a specially crafted response when attempting to open an Office document hosted on a malicious website. This allows an attacker to obtain access tokens used for authenticating the current user on a targeted Microsoft online service.

Recommendations For Microsoft Office 2013 Gold, SP1, RT, and RT SP1, update to a version that properly handles specially crafted responses to prevent access token disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.