CVE-2013-3858: Buffer Overflow
First published: Wed Sep 11 2013(Updated: )
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =sp3 | |
| Microsoft Office Word | =2003-sp3 | |
| Microsoft Office Word | =2007-sp3 | |
| Microsoft Office Word | =2010-sp1 | |
| Microsoft Office Word | =2010-sp1 | |
| Microsoft Office Word Viewer | ||
| Microsoft Office Web Apps | =2010-sp1 | |
| Microsoft SharePoint Server 2010 | =2010-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/ncas/alerts/TA13-253A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18709
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18801
Frequently Asked Questions
What is the severity of CVE-2013-3858?
CVE-2013-3858 is rated as critical due to its potential to allow remote code execution or denial of service.
How do I fix CVE-2013-3858?
To fix CVE-2013-3858, ensure that you apply the latest Microsoft security updates and patches.
Which software versions are affected by CVE-2013-3858?
CVE-2013-3858 affects Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1, Office Compatibility Pack SP3, SharePoint Server 2010 SP1, and Office Web Apps 2010 SP1.
Can CVE-2013-3858 be exploited remotely?
Yes, CVE-2013-3858 can be exploited by remote attackers to execute arbitrary code.
What are the potential impacts of CVE-2013-3858?
The potential impacts of CVE-2013-3858 include unauthorized execution of code and memory corruption leading to denial of service.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/sp3
- canonical/microsoft office word
- version/microsoft office word/2003-sp3
- version/microsoft office word/2007-sp3
- version/microsoft office word/2010-sp1
- canonical/microsoft office word viewer
- canonical/microsoft office web apps
- version/microsoft office web apps/2010-sp1
- canonical/microsoft sharepoint server 2010
- version/microsoft sharepoint server 2010/2010-sp1