Information disclosure in Microsoft Office

CVE-2013-5054

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerabilit…

Vulnerability class: Information Disclosure

EPSS: 0.114 (93.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2013
Microsoft Office_2013_rt
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

MS13-104 (x_refsource_MS, vendor-advisory)