MS13-091: Vulnerabilities in Microsoft Office could allow remote code execution: November 12, 2013

<html><body><p>Describes a security update that addresses vulnerabilities by correcting how Office parses specially crafted files and how the XML parser that is used by Word resolves external entities in a specially crafted file.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS13-091. To view the complete security bulletin, go to one of the following Microsoft websites: <ul><li>Home users:<div><a href=“http://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div><a href=“http://technet.microsoft.com/security/bulletin/ms13-091” target=“_self”>http://technet.microsoft.com/security/bulletin/MS13-091</a></div></li></ul><h3>How to obtain help and support for this security update</h3> Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2></h2><div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link. <ul><li><a href=“https://support.microsoft.com/en-us/help/2553284”>2553284 </a> MS13-091: Description of the security update for Microsoft Office 2010 (file format converters): November 12, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2760415”>2760415 </a> MS13-091: Description of the security update for Microsoft Office 2007 File Formats: November 12, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2760494”>2760494 </a> MS13-091: Description of the security update for Office 2003 text converters: November 12, 2013 </li><li><a href=“https://support.microsoft.com/en-us/help/2760781”>2760781 </a> MS13-091: Description of the security update for Microsoft Office 2010 (proofing tools): November 12, 2013 </li><li><a href=“https://support.microsoft.com/en-us/help/2768005”>2768005 </a> MS13-091: Description of the security update for Microsoft Office 2013 (file formats): November 12, 2013 </li></ul><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>convloc.exe</td><td>6001ABB3DD3323E4D4D5E5AA55B3285D8A325FB8</td><td>6FA838929461C43CD7CFBDB8A674FC99A48206D150C5B970F85F989E67E10052</td></tr><tr><td>convloc2007-kb2760415-fullfile-x86-glb.exe</td><td>401585ABD13402A23CE315EE3AD797305998736D</td><td>9588E03442645390CE89BA26830770F59CE6466D61FFC1CA890A44521A88CB0F</td></tr><tr><td>convloc2010-kb2553284-fullfile-x64-glb.exe</td><td>74DC43395104A6424E501C2B08B7AAA9A8E4C4D0</td><td>2491C8871027E210DA38E9247B4FFD9760769D72ED5F02E968B7315DA0C9C449</td></tr><tr><td>convloc2010-kb2553284-fullfile-x86-glb.exe</td><td>48BF36E0E0E0CABB0ABEA9C778EE3BA15FB490D7</td><td>591ECFD2532C8315FFF887314918F103B812F89AF5D6594B56311CF724A80698</td></tr><tr><td>convloc64.exe</td><td>59022FD6559D4D3FC6FA04A7805919779574258E</td><td>31F7F4BB8A24786FED2DE7730939E4740CF8E369681DD8818FF504EF996D5E84</td></tr><tr><td>office2003-kb2760494-fullfile-enu.exe</td><td>830D29E3FCAB65A1F0A6B5687F40C6B4DC1F412F</td><td>48CA2D479ABD4D5AADAC771AF0367FD96363FC4F840CB03ADEDC07EB1D979EB7</td></tr><tr><td>proofloc2010-kb2760781-fullfile-x64-glb.exe</td><td>2257FD5713E0201DB5807BD0D8500791EACCE73E</td><td>0A9ADB7A537AE1835413BD3A3C35B339F263C96AB1DEBFAE64D69D040C42755E</td></tr><tr><td>proofloc2010-kb2760781-fullfile-x86-glb.exe</td><td>57A59262989FA7698F9B54AAF419F70B2F0C4CD5</td><td>26C8844DE3A617D243110DDD0EDC340EE4C0312863886E254A96C28BA95DB5D8</td></tr></table></div></div><br /></span></div></div></div></div></body></html>