Microsoft · SharePoint Server · CVE-2013-5054
**Name of the Vulnerable Software and Affected Versions**
Microsoft Office versions 2013 and 2013 RT
**Description**
The issue allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a website. This is an information disclosure vulnerability that occurs when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on a malicious website. An attacker who successfully exploits this issue could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site. The issue has been exploited in the wild.
**Recommendations**
At the moment, there is no information about a newer version of Microsoft Office 2013 or 2013 RT that contains a fix for this vulnerability.