Microsoft · Office · CVE-2014-1808
**Name of the Vulnerable Software and Affected Versions**
Microsoft Office versions 2013 Gold, SP1, RT, and RT SP1
**Description**
The issue is related to the improper handling of a specially crafted response when attempting to open an Office document hosted on a malicious website. This allows an attacker to obtain access tokens used for authenticating the current user on a targeted Microsoft online service.
**Recommendations**
For Microsoft Office 2013 Gold, SP1, RT, and RT SP1, update to a version that properly handles specially crafted responses to prevent access token disclosure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.