Lucene search

K

[email protected]NVD:CVE-2013-3849

HistorySep 11, 2013 - 2:03 p.m.

CVE-2013-3849

2013-09-1114:03:48

CWE-119

[email protected]

web.nvd.nist.gov

1

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.706 High

EPSS

Percentile

98.0%

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Word Memory Corruption Vulnerability,” a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.

Affected configurations

NVD

Node

microsoftoffice_compatibility_packsp3

OR

microsoftwordMatch2003sp3

OR

microsoftwordMatch2007sp3

OR

microsoftwordMatch2010sp1

OR

microsoftwordMatch2010sp1x64

OR

microsoftword_viewer

Node

microsoftsharepoint_serverMatch2010sp1

Node

microsoftoffice_web_appsMatch2010sp1

References

www.us-cert.gov/ncas/alerts/TA13-253A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.706 High

EPSS

Percentile

98.0%

Related for NVD:CVE-2013-3849

cve4 prion4 nvd3 cvelist4 mskb1 securityvulns2 nessus2 openvas8 symantec4 seebug1 checkpoint_advisories1