Detections
Analytics

MS13-104: Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)

medium Nessus Plugin ID 71319

Language:

Synopsis

The version of Microsoft Office installed on the remote Windows host is affected by an information disclosure vulnerability.

Description

The remote Windows host has a version of Microsoft Office 2013 that is affected by an information disclosure vulnerability. By tricking a user into opening an Office file hosted a malicious website, an attacker could obtain access tokens used to authenticate that user on a SharePoint or other Microsoft Office server site.

Solution

Microsoft has released a patch for Office 2013.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-104

Plugin Details

Severity: Medium

ID: 71319

File Name: smb_nt_ms13-104.nasl

Version: 1.11

Type: local

Agent: windows

Published: 12/11/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2013

Vulnerability Publication Date: 12/10/2013

Reference Information

CVE: CVE-2013-5054

BID: 64092

MSFT: MS13-104

MSKB: 2850064