Microsoft Office Information Disclosure Vulnerability (2909976) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-104.

Impact

Successful exploitation will allow remote attackers to disclose certain sensitive information. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-104

Insight

The flaw is due to the application improperly handling response while attempting to open a hosted file and can be exploited to disclose tokens used to authenticate the user on a SharePoint or other Microsoft Office server site.

Affected

Microsoft Office 2013

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/55997
http://support.microsoft.com/kb/2850064
http://www.securitytracker.com/id/1029464
https://technet.microsoft.com/en-us/security/bulletin/ms13-104

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5054

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2813170)
Microsoft Windows Active Directory SPN Denial of Service (2478953)
Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)

Take action and discover your vulnerabilities