CVE-2013-1315 - Vulnerability Details

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Excel Excel Viewer Office Office Compatibility Pack Office Web Apps Sharepoint Foundation Sharepoint Portal Server Sharepoint Server Sharepoint Services

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:excel:2003:sp3::::::
	cpe:2.3:a:microsoft:excel:2007:sp3::::::
	cpe:2.3:a:microsoft:excel:2010:sp1::::::
	cpe:2.3:a:microsoft:excel:2010:sp2:::::x64:*
	cpe:2.3:a:microsoft:excel:2010:sp2::::x86::*
	cpe:2.3:a:microsoft:excel:2013:::::::*
	cpe:2.3:a:microsoft:excel:2013::::::x64:
	cpe:2.3:a:microsoft:excel:2013:::::x86::
	cpe:2.3:a:microsoft:excel_viewer::::::::
	cpe:2.3:a:microsoft:office:2011::mac:::::
	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
	cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1::::::

Configuration 2 [-]

OR	cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2::::::
	cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3::::::
	cpe:2.3:a:microsoft:sharepoint_server:2007:sp3::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:sharepoint_services:2.0:::::::*
	cpe:2.3:a:microsoft:sharepoint_services:3.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:microsoft:office_web_apps:2010:sp1::::::
	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::

No data.

References

Link	Providers
http://www.us-cert.gov/ncas/alerts/TA13-253A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2013-09-11T10:00:00

Updated: 2024-08-06T14:57:04.977Z

Reserved: 2013-01-12T00:00:00

Link: CVE-2013-1315

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-09-11T14:03:48.027

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-1315

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object