What is CVE-2013-3847?

CVE-2013-3847 is a vulnerability in Microsoft Office_compatibility_pack, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-09-11.

Is CVE-2013-3847 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Microsoft Office_compatibility_pack

CVE-2013-3847

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute…

Vulnerability class: Buffer Overflow

EPSS: 0.642 (98.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office_compatibility_pack
Microsoft Office_web_apps — versions 2010
Microsoft Sharepoint_foundation — versions 2010
Microsoft Sharepoint_portal_server — versions 2003
Microsoft Sharepoint_server — versions 2010
Microsoft Sharepoint_services — versions 2.0, 3.0
Microsoft Word — versions 2003, 2007, 2010
Microsoft Word_viewer
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

oval:org.mitre.oval:def:18749 (x_refsource_OVAL, signature, vdb-entry)
oval:org.mitre.oval:def:18988 (x_refsource_OVAL, signature, vdb-entry)
MS13-072 (x_refsource_MS, vendor-advisory)
MS13-067 (x_refsource_MS, vendor-advisory)
TA13-253A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)

Frequently asked questions

What is CVE-2013-3847?: CVE-2013-3847 is a vulnerability in Microsoft Office_compatibility_pack, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-09-11.
Is CVE-2013-3847 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.