First published: Wed Oct 09 2013(Updated: )
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office Excel | =2010-sp2 | |
Microsoft Excel | =2010-sp2 | |
Microsoft Office Excel | =2013 | |
Microsoft Excel | =2013 | |
Microsoft Office Excel Viewer | ||
Microsoft Office | =2007-sp3 | |
Microsoft Office | =2010-sp1 | |
Microsoft Office | =2010-sp1 | |
Microsoft Office | =2011 | |
Microsoft Office | =2013 | |
Microsoft Office 2013 | ||
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =sp3 | |
Microsoft Office Web Apps | =2010-sp1 | |
Microsoft Office Web Apps | =2010-sp2 | |
Microsoft SharePoint Server 2010 | =2007-sp3 | |
Microsoft SharePoint Server 2010 | =2013 | |
Microsoft SharePoint Server 2010 | =2010-sp1 | |
Microsoft SharePoint Server 2010 | =2010-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-3889 is considered critical as it allows remote attackers to execute arbitrary code.
To fix CVE-2013-3889, install the appropriate security updates provided by Microsoft for affected versions of Excel and Office.
CVE-2013-3889 affects Microsoft Excel 2007 SP3, 2010 SP1 and SP2, and 2013, as well as Microsoft Office and SharePoint Server versions 2007, 2010, and 2013.
Yes, CVE-2013-3889 can be exploited through malicious email attachments that contain specially crafted Excel files.
CVE-2013-3889 is associated with remote code execution attacks, allowing attackers to gain control over the affected system.