Information disclosure in Microsoft Visio

CVE-2013-1301

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vu…

Vulnerability class: Information Disclosure

EPSS: 0.278 (96.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Visio — versions 2003, 2007, 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

TA13-134A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
oval:org.mitre.oval:def:16750 (x_refsource_OVAL, signature, vdb-entry)
MS13-044 (x_refsource_MS, vendor-advisory)