PT-2013-5352 · Microsoft · Sharepoint Server+1

Noam Liran · Published 2013-12-10 · Updated 2018-10-12 · CVE-2013-5054

CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2013 and 2013 RT
Description: The issue allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a website. This is an information disclosure vulnerability that occurs when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on a malicious website. An attacker who successfully exploits this issue could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site. The issue has been exploited in the wild.
Recommendations: For Microsoft Office 2013 and 2013 RT, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2013-5054

Affected Products

Office
Sharepoint Server