PT-2013-3059 · Microsoft · Office Visio
Timur Yunusov · Published 2013-05-14 · Updated 2018-10-12 · CVE-2013-1301
CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Visio versions 2003 SP3 through 2010 SP1
Description
An information disclosure issue exists due to the way Microsoft Visio handles specially crafted XML files containing external entities. This allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference.
Recommendations
For Microsoft Visio versions 2003 SP3 through 2010 SP1, consider restricting the parsing of external entities in XML files to minimize the risk of information disclosure until a patch is available. As a temporary workaround, avoid using Microsoft Visio to open XML files from untrusted sources.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Office Visio