Vulnerabilities > Microsoft > Office > 2013
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-05 | CVE-2014-2730 | Resource Management Errors vulnerability in Microsoft Office The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564. | 5.0 |
2013-12-11 | CVE-2013-5054 | Information Exposure vulnerability in Microsoft Office and Office 2013 RT Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability." | 4.3 |
2013-11-13 | CVE-2013-1324 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Office 2013 RT Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability." | 9.3 |
2013-10-09 | CVE-2013-3889 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability." | 9.3 |