MS13-091: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
2013-11-13T00:00:00
ID SMB_NT_MS13-091.NASL Type nessus Reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
The remote Windows host is running a version of Microsoft Office or
Office Compatibility Pack that is affected by multiple remote code
execution vulnerabilities while parsing WordPerfect document files.
If an attacker can trick a user on the affected host into opening a
specially crafted file, it may be possible to leverage these issues to
read arbitrary files on the target system or execute arbitrary code,
subject to the user's privileges.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(70849);
script_version("1.22");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id("CVE-2013-0082", "CVE-2013-1324", "CVE-2013-1325");
script_bugtraq_id(63559, 63569, 63570);
script_xref(name:"MSFT", value:"MS13-091");
script_xref(name:"MSKB", value:"2553284");
script_xref(name:"MSKB", value:"2760415");
script_xref(name:"MSKB", value:"2760494");
script_xref(name:"MSKB", value:"2760781");
script_xref(name:"MSKB", value:"2768005");
script_name(english:"MS13-091: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)");
script_summary(english:"Checks file versions.");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Office component installed on the remote host is
affected by multiple remote code execution vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is running a version of Microsoft Office or
Office Compatibility Pack that is affected by multiple remote code
execution vulnerabilities while parsing WordPerfect document files.
If an attacker can trick a user on the affected host into opening a
specially crafted file, it may be possible to leverage these issues to
read arbitrary files on the target system or execute arbitrary code,
subject to the user's privileges.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-091");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Office 2003, 2007, 2010,
2013, and Office Compatibility Pack.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/12");
script_set_attribute(attribute:"patch_publication_date", value:"2013/11/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("office_installed.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
global_var bulletin, vuln;
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = "MS13-091";
kbs = make_list(
2553284,
2760415,
2760494,
2760781,
2768005
);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
info = "";
vuln = 0;
arch = get_kb_item_or_exit("SMB/ARCH");
######################################################################
# Office
######################################################################
# Ensure Office is installed
office_vers = hotfix_check_office_version();
commonfiles = hotfix_get_commonfilesdir();
if (!commonfiles) audit(AUDIT_PATH_NOT_DETERMINED, 'Common Files');
x64_path = hotfix_get_programfilesdirx86();
if (arch == 'x64' && !x64_path) audit(AUDIT_PATH_NOT_DETERMINED, 'Program Files (x86)');
# Check file version
if (office_vers["14.0"])
{
share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:commonfiles);
if (is_accessible_share(share:share))
{
office_sp = get_kb_item("SMB/Office/2010/SP");
if (!isnull(office_sp) && office_sp == 1)
{
path = get_kb_item('SMB/Office/Word/14.0/Path');
if (!isnull(path))
{
path += "\Proof";
old_report = hotfix_get_report();
check_file = "mssp7en.dll";
if (hotfix_check_fversion(path:path, file:check_file, version:"14.0.7107.5000", min_version:"14.0.6029.1000") == HCF_OLDER)
{
file = ereg_replace(pattern:"^[A-Za-z]:(.*)", string:path, replace:"\1\" + check_file);
kb_name = "SMB/FileVersions/"+tolower(share-'$')+tolower(str_replace(string:file, find:"\", replace:"/"));
version = get_kb_item(kb_name);
info =
'\n Product : Microsoft Office 2010' +
'\n File : ' + path + '\\' + check_file +
'\n Installed version : ' + version +
'\n Fixed version : 14.0.7107.5000' + '\n';
hcf_report = '';
hotfix_add_report(old_report + info, bulletin:bulletin, kb:"2760781");
vuln++;
}
}
}
}
}
# Office 2003 SP3
if (office_vers["11.0"])
{
office_sp = get_kb_item("SMB/Office/2003/SP");
if (!isnull(office_sp) && office_sp == 3)
{
kb = "2760494";
if (
hotfix_is_vulnerable(file:"Wpft532.cnv", version:"2003.1100.8405.0", min_version:"2003.1100.0.0", path:commonfiles+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(file:"Wpft532.cnv", arch:"x64", version:"2003.1100.8405.0", min_version:"2003.1100.0.0", path:x64_path+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb)
) vuln++;
}
}
# Office 2007 SP3
if (office_vers["12.0"])
{
office_sp = get_kb_item("SMB/Office/2007/SP");
if (!isnull(office_sp) && office_sp == 3)
{
kb = "2760415";
if (
hotfix_is_vulnerable(file:"Wpft532.cnv", version:"2006.1200.6676.5000", min_version:"2006.1200.0.0", path:commonfiles+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(file:"Wpft532.cnv", arch:"x64", version:"2006.1200.6676.5000", min_version:"2006.1200.0.0", path:x64_path+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb)
) vuln++;
}
}
# Office 2010 SP1
else if (office_vers["14.0"])
{
office_sp = get_kb_item("SMB/Office/2010/SP");
if (!isnull(office_sp) && office_sp == 1)
{
kb = "2553284";
if (
hotfix_is_vulnerable(file:"Wpft532.cnv", version:"2010.1400.7011.1000", min_version:"2010.1400.0.0", path:commonfiles+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(file:"Wpft532.cnv", arch:"x64", version:"2010.1400.7011.1000", min_version:"2010.1400.0.0", path:x64_path+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb)
) vuln++;
}
}
# Office 2013
else if (office_vers["15.0"])
{
office_sp = get_kb_item("SMB/Office/2013/SP");
if (!isnull(office_sp) && office_sp == 0)
{
kb = "2768005";
if (
hotfix_is_vulnerable(file:"Wpft532.cnv", version:"2012.1500.4525.1000", min_version:"2012.1500.0.0", path:commonfiles+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(file:"Wpft532.cnv", arch:"x64", version:"2012.1500.4525.1000", min_version:"2012.1500.0.0", path:x64_path+"\microsoft shared\TextConv", bulletin:bulletin, kb:kb)
) vuln++;
}
}
if (info || vuln)
{
set_kb_item(name:"SMB/Missing/" + bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, "affected");
}
{"id": "SMB_NT_MS13-091.NASL", "bulletinFamily": "scanner", "title": "MS13-091: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)", "description": "The remote Windows host is running a version of Microsoft Office or\nOffice Compatibility Pack that is affected by multiple remote code\nexecution vulnerabilities while parsing WordPerfect document files.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted file, it may be possible to leverage these issues to\nread arbitrary files on the target system or execute arbitrary code,\nsubject to the user's privileges.", "published": "2013-11-13T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/70849", "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-091"], "cvelist": ["CVE-2013-0082", "CVE-2013-1325", "CVE-2013-1324"], "type": "nessus", "lastseen": "2021-01-01T05:43:39", "edition": 26, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1325", "CVE-2013-0082", "CVE-2013-1324"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310903414", "OPENVAS:903414"]}, {"type": "mskb", "idList": ["KB2885093"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13399"]}, {"type": "symantec", "idList": ["SMNTC-63559", "SMNTC-63570", "SMNTC-63569"]}], "modified": "2021-01-01T05:43:39", "rev": 2}, "score": {"value": 9.1, "vector": "NONE", "modified": "2021-01-01T05:43:39", "rev": 2}, "vulnersScore": 9.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70849);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2013-0082\", \"CVE-2013-1324\", \"CVE-2013-1325\");\n script_bugtraq_id(63559, 63569, 63570);\n script_xref(name:\"MSFT\", value:\"MS13-091\");\n script_xref(name:\"MSKB\", value:\"2553284\");\n script_xref(name:\"MSKB\", value:\"2760415\");\n script_xref(name:\"MSKB\", value:\"2760494\");\n script_xref(name:\"MSKB\", value:\"2760781\");\n script_xref(name:\"MSKB\", value:\"2768005\");\n\n script_name(english:\"MS13-091: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)\");\n script_summary(english:\"Checks file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office component installed on the remote host is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Office or\nOffice Compatibility Pack that is affected by multiple remote code\nexecution vulnerabilities while parsing WordPerfect document files.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted file, it may be possible to leverage these issues to\nread arbitrary files on the target system or execute arbitrary code,\nsubject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2003, 2007, 2010,\n2013, and Office Compatibility Pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS13-091\";\nkbs = make_list(\n 2553284,\n 2760415,\n 2760494,\n 2760781,\n 2768005\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\ninfo = \"\";\nvuln = 0;\narch = get_kb_item_or_exit(\"SMB/ARCH\");\n\n######################################################################\n# Office\n######################################################################\n# Ensure Office is installed\noffice_vers = hotfix_check_office_version();\ncommonfiles = hotfix_get_commonfilesdir();\n\nif (!commonfiles) audit(AUDIT_PATH_NOT_DETERMINED, 'Common Files');\n\nx64_path = hotfix_get_programfilesdirx86();\nif (arch == 'x64' && !x64_path) audit(AUDIT_PATH_NOT_DETERMINED, 'Program Files (x86)');\n\n# Check file version\nif (office_vers[\"14.0\"])\n{\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:commonfiles);\n if (is_accessible_share(share:share))\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n path = get_kb_item('SMB/Office/Word/14.0/Path');\n if (!isnull(path))\n {\n path += \"\\Proof\";\n old_report = hotfix_get_report();\n check_file = \"mssp7en.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"14.0.7107.5000\", min_version:\"14.0.6029.1000\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office 2010' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7107.5000' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2760781\");\n vuln++;\n }\n }\n }\n }\n}\n\n# Office 2003 SP3\nif (office_vers[\"11.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n kb = \"2760494\";\n if (\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", version:\"2003.1100.8405.0\", min_version:\"2003.1100.0.0\", path:commonfiles+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", arch:\"x64\", version:\"2003.1100.8405.0\", min_version:\"2003.1100.0.0\", path:x64_path+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb)\n ) vuln++;\n }\n}\n\n# Office 2007 SP3\nif (office_vers[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n kb = \"2760415\";\n if (\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", version:\"2006.1200.6676.5000\", min_version:\"2006.1200.0.0\", path:commonfiles+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", arch:\"x64\", version:\"2006.1200.6676.5000\", min_version:\"2006.1200.0.0\", path:x64_path+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb)\n ) vuln++;\n }\n}\n\n# Office 2010 SP1\nelse if (office_vers[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n kb = \"2553284\";\n if (\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", version:\"2010.1400.7011.1000\", min_version:\"2010.1400.0.0\", path:commonfiles+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", arch:\"x64\", version:\"2010.1400.7011.1000\", min_version:\"2010.1400.0.0\", path:x64_path+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb)\n ) vuln++;\n }\n}\n# Office 2013\nelse if (office_vers[\"15.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n kb = \"2768005\";\n if (\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", version:\"2012.1500.4525.1000\", min_version:\"2012.1500.0.0\", path:commonfiles+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(file:\"Wpft532.cnv\", arch:\"x64\", version:\"2012.1500.4525.1000\", min_version:\"2012.1500.0.0\", path:x64_path+\"\\microsoft shared\\TextConv\", bulletin:bulletin, kb:kb)\n ) vuln++;\n }\n}\nif (info || vuln)\n{\n set_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "pluginID": "70849", "cpe": ["cpe:/a:microsoft:office"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:45:56", "description": "Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka \"Word Heap Overwrite Vulnerability.\"", "edition": 3, "cvss3": {}, "published": "2013-11-13T00:55:00", "title": "CVE-2013-1325", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1325"], "modified": "2018-10-12T22:04:00", "cpe": ["cpe:/a:microsoft:office:2003", "cpe:/a:microsoft:office:2007"], "id": "CVE-2013-1325", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1325", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:52", "description": "Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka \"WPD File Format Memory Corruption Vulnerability.\"", "edition": 3, "cvss3": {}, "published": "2013-11-13T00:55:00", "title": "CVE-2013-0082", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0082"], "modified": "2018-10-12T22:03:00", "cpe": ["cpe:/a:microsoft:office:2003", "cpe:/a:microsoft:office:2007"], "id": "CVE-2013-0082", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0082", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:56", "description": "Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka \"Word Stack Buffer Overwrite Vulnerability.\"", "edition": 3, "cvss3": {}, "published": "2013-11-13T00:55:00", "title": "CVE-2013-1324", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1324"], "modified": "2018-10-12T22:04:00", "cpe": ["cpe:/a:microsoft:office:2003", "cpe:/a:microsoft:office:2007", "cpe:/a:microsoft:office:2010", "cpe:/a:microsoft:office_2013_rt:-", "cpe:/a:microsoft:office:2013"], "id": "CVE-2013-1324", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1324", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2013:-:-:*:-:-:x64:*", "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:-:-:*:-:-:x86:*", "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*", "cpe:2.3:a:microsoft:office_2013_rt:-:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:11:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0082", "CVE-2013-1325", "CVE-2013-1324"], "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-091.", "modified": "2017-05-08T00:00:00", "published": "2013-11-13T00:00:00", "id": "OPENVAS:903414", "href": "http://plugins.openvas.org/nasl.php?oid=903414", "type": "openvas", "title": "Microsoft Office Remote Code Execution Vulnerabilities (2885093)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-091.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Microsoft Office Remote Code Execution Vulnerabilities (2885093)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(903414);\n script_version(\"$Revision: 6079 $\");\n script_cve_id(\"CVE-2013-0082\", \"CVE-2013-1324\", \"CVE-2013-1325\");\n script_bugtraq_id(63559, 63569, 63570);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-13 15:08:45 +0530 (Wed, 13 Nov 2013)\");\n script_name(\"Microsoft Office Remote Code Execution Vulnerabilities (2885093)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-091.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Flaws are due to an error when parsing WordPerfect documents files (.wpd).\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to corrupt memory, cause\na buffer overflow and execution the arbitrary code.\n\nImpact Level: System/Application \";\n\n tag_affected =\n\"Microsoft Office 2013\nMicrosoft Office 2003 Service Pack 3 and prior\nMicrosoft Office 2007 Service Pack 3 and prior\nMicrosoft Office 2010 Service Pack 1 and prior\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-091\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/55539\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760494\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760781\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2768005\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-091\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n# Variable Initialization\noffVer = \"\";\npath = \"\";\nfileVer = \"\";\n\n## MS Office 2003\noffVer = get_kb_item(\"MS/Office/Ver\");\nif(!offVer){\n exit(0);\n}\n\n## Get Office File Path\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Office 2003 text converters\nif(offVer =~ \"^11.*\")\n{\n filePath = path + \"\\Microsoft Shared\\TextConv\";\n fileVer = fetch_file_version(sysPath:filePath, file_name:\"msconv97.dll\");\n if(fileVer)\n {\n ## Grep for Msconv97.dll version < 2003.1100.8327\n if(version_in_range(version:fileVer, test_version:\"2003\", test_version2:\"2003.1100.8326\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Microsoft Office 2013 (file formats)\nif(offVer =~ \"^(12|14|15)\\..*\")\n{\n filePath = path + \"\\Microsoft Shared\\TextConv\";\n ##\n fileVer = fetch_file_version(sysPath:filePath, file_name:\"Wpft532.cnv\");\n if(fileVer)\n {\n ## Microsoft Office 2007 File Formats\n ## Microsoft Office 2013 (file formats)\n ## Microsoft Office 2010 (file format converters)\n if(version_in_range(version:fileVer, test_version:\"2012\", test_version2:\"2012.1500.4525.0999\")||\n version_in_range(version:fileVer, test_version:\"2010\", test_version2:\"2010.1400.7011.0999\") ||\n version_in_range(version:fileVer, test_version:\"2006\", test_version2:\"2006.1200.6676.4999\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-08T14:03:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0082", "CVE-2013-1325", "CVE-2013-1324"], "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-091.", "modified": "2019-12-20T00:00:00", "published": "2013-11-13T00:00:00", "id": "OPENVAS:1361412562310903414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903414", "type": "openvas", "title": "Microsoft Office Remote Code Execution Vulnerabilities (2885093)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Remote Code Execution Vulnerabilities (2885093)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903414\");\n script_version(\"2019-12-20T12:48:41+0000\");\n script_cve_id(\"CVE-2013-0082\", \"CVE-2013-1324\", \"CVE-2013-1325\");\n script_bugtraq_id(63559, 63569, 63570);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:48:41 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-11-13 15:08:45 +0530 (Wed, 13 Nov 2013)\");\n script_name(\"Microsoft Office Remote Code Execution Vulnerabilities (2885093)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-091.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to an error when parsing WordPerfect documents files (.wpd).\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Office 2013\n\n - Microsoft Office 2003 Service Pack 3 and prior\n\n - Microsoft Office 2007 Service Pack 3 and prior\n\n - Microsoft Office 2010 Service Pack 1 and prior\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to corrupt memory, cause\n a buffer overflow and execution the arbitrary code.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760494\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760781\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2768005\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-091\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## MS Office 2003\noffVer = get_kb_item(\"MS/Office/Ver\");\nif(!offVer){\n exit(0);\n}\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Office 2003 text converters\nif(offVer =~ \"^11\\.\")\n{\n filePath = path + \"\\Microsoft Shared\\TextConv\";\n fileVer = fetch_file_version(sysPath:filePath, file_name:\"msconv97.dll\");\n if(fileVer)\n {\n if(version_in_range(version:fileVer, test_version:\"2003\", test_version2:\"2003.1100.8326\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\n## Microsoft Office 2013 (file formats)\nif(offVer =~ \"^1[245]\\.\")\n{\n filePath = path + \"\\Microsoft Shared\\TextConv\";\n ##\n fileVer = fetch_file_version(sysPath:filePath, file_name:\"Wpft532.cnv\");\n if(fileVer)\n {\n ## Microsoft Office 2007 File Formats\n ## Microsoft Office 2013 (file formats)\n ## Microsoft Office 2010 (file format converters)\n if(version_in_range(version:fileVer, test_version:\"2012\", test_version2:\"2012.1500.4525.0999\")||\n version_in_range(version:fileVer, test_version:\"2010\", test_version2:\"2010.1400.7011.0999\") ||\n version_in_range(version:fileVer, test_version:\"2006\", test_version2:\"2006.1200.6676.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:36:01", "bulletinFamily": "microsoft", "cvelist": ["CVE-2013-0082", "CVE-2013-1325", "CVE-2013-1324"], "description": "<html><body><p>Describes a security update that addresses vulnerabilities by correcting how Office parses specially crafted files and how the XML parser that is used by Word resolves external entities in a specially crafted file.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS13-091. To view the complete security bulletin, go to one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms13-091\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-091</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link. <ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2553284\" id=\"kb-link-8\">2553284 </a> MS13-091: Description of the security update for Microsoft Office 2010 (file format converters): November 12, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760415\" id=\"kb-link-9\">2760415 </a>\u00a0MS13-091: Description of the security update for Microsoft Office 2007 File Formats: November 12, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760494\" id=\"kb-link-10\">2760494 </a> MS13-091: Description of the security update for Office 2003 text converters: November 12, 2013 </li><li><a href=\"https://support.microsoft.com/en-us/help/2760781\" id=\"kb-link-11\">2760781 </a> MS13-091: Description of the security update for Microsoft Office 2010 (proofing tools): November 12, 2013 </li><li><a href=\"https://support.microsoft.com/en-us/help/2768005\" id=\"kb-link-12\">2768005 </a> MS13-091: Description of the security update for Microsoft Office 2013 (file formats): November 12, 2013 </li></ul><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">convloc.exe</td><td class=\"sbody-td\">6001ABB3DD3323E4D4D5E5AA55B3285D8A325FB8</td><td class=\"sbody-td\">6FA838929461C43CD7CFBDB8A674FC99A48206D150C5B970F85F989E67E10052</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">convloc2007-kb2760415-fullfile-x86-glb.exe</td><td class=\"sbody-td\">401585ABD13402A23CE315EE3AD797305998736D</td><td class=\"sbody-td\">9588E03442645390CE89BA26830770F59CE6466D61FFC1CA890A44521A88CB0F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">convloc2010-kb2553284-fullfile-x64-glb.exe</td><td class=\"sbody-td\">74DC43395104A6424E501C2B08B7AAA9A8E4C4D0</td><td class=\"sbody-td\">2491C8871027E210DA38E9247B4FFD9760769D72ED5F02E968B7315DA0C9C449</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">convloc2010-kb2553284-fullfile-x86-glb.exe</td><td class=\"sbody-td\">48BF36E0E0E0CABB0ABEA9C778EE3BA15FB490D7</td><td class=\"sbody-td\">591ECFD2532C8315FFF887314918F103B812F89AF5D6594B56311CF724A80698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">convloc64.exe</td><td class=\"sbody-td\">59022FD6559D4D3FC6FA04A7805919779574258E</td><td class=\"sbody-td\">31F7F4BB8A24786FED2DE7730939E4740CF8E369681DD8818FF504EF996D5E84</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">office2003-kb2760494-fullfile-enu.exe</td><td class=\"sbody-td\">830D29E3FCAB65A1F0A6B5687F40C6B4DC1F412F</td><td class=\"sbody-td\">48CA2D479ABD4D5AADAC771AF0367FD96363FC4F840CB03ADEDC07EB1D979EB7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">proofloc2010-kb2760781-fullfile-x64-glb.exe</td><td class=\"sbody-td\">2257FD5713E0201DB5807BD0D8500791EACCE73E</td><td class=\"sbody-td\">0A9ADB7A537AE1835413BD3A3C35B339F263C96AB1DEBFAE64D69D040C42755E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">proofloc2010-kb2760781-fullfile-x86-glb.exe</td><td class=\"sbody-td\">57A59262989FA7698F9B54AAF419F70B2F0C4CD5</td><td class=\"sbody-td\">26C8844DE3A617D243110DDD0EDC340EE4C0312863886E254A96C28BA95DB5D8</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2013-11-13T04:20:31", "id": "KB2885093", "href": "https://support.microsoft.com/en-us/help/2885093/", "published": "2013-11-12T00:00:00", "title": "MS13-091: Vulnerabilities in Microsoft Office could allow remote code execution: November 12, 2013", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-0082", "CVE-2013-3905", "CVE-2013-1325", "CVE-2013-1324"], "description": "Buffer overflow and memory corruption in Microsoft Word, memory corruption on WPD parsing, Outlook information leakage.", "edition": 1, "modified": "2013-11-13T00:00:00", "published": "2013-11-13T00:00:00", "id": "SECURITYVULNS:VULN:13399", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13399", "title": "Microsoft Office multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-11T20:41:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-0082"], "description": "### Description\n\nMicrosoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office 2003 SP3 \n * Microsoft Office 2007 SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2013-11-12T00:00:00", "published": "2013-11-12T00:00:00", "id": "SMNTC-63559", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/63559", "type": "symantec", "title": "Microsoft Office WPD File CVE-2013-0082 Remote Memory Corruption Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:42:15", "bulletinFamily": "software", "cvelist": ["CVE-2013-1324"], "description": "### Description\n\nMicrosoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office 2003 SP3 \n * Microsoft Office 2007 SP3 \n * Microsoft Office 2010 (32-bit edition) SP1 \n * Microsoft Office 2010 (64-bit edition) SP1 \n * Microsoft Office 2013 (32-bit editions) \n * Microsoft Office 2013 (64-bit editions) \n * Microsoft Office 2013 RT \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2013-11-12T00:00:00", "published": "2013-11-12T00:00:00", "id": "SMNTC-63569", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/63569", "type": "symantec", "title": "Microsoft Office WPD File CVE-2013-1324 Remote Memory Corruption Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-12T06:25:07", "bulletinFamily": "software", "cvelist": ["CVE-2013-1325"], "description": "### Description\n\nMicrosoft Office is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office 2003 SP3 \n * Microsoft Office 2007 SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2013-11-12T00:00:00", "published": "2013-11-12T00:00:00", "id": "SMNTC-63570", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/63570", "type": "symantec", "title": "Microsoft Office WPD File Processing CVE-2013-1325 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
