Detections
Analytics
MS13-044: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
medium Nessus Plugin ID 66419
Language:
Synopsis
The remote Visio install is affected by an information disclosure vulnerability.Description
The remote host contains a version of Microsoft Visio that is affected by an information disclosure vulnerability due to a flaw in the way Visio parses specially crafted XML files containing external entities.By tricking a user into opening a specially crafted file with Visio, a remote attacker may be able to read files on the target system.
Solution
Microsoft has released a set of patches for Microsoft Visio 2010 SP1, Microsoft Visio 2007 SP3, and Microsoft Visio 2003 SP3.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-044
Plugin Details
Severity: Medium
ID: 66419
File Name: smb_nt_ms13-044.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 5/15/2013
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:visio
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 5/14/2013
Vulnerability Publication Date: 5/14/2013
Reference Information
CVE: CVE-2013-1301
BID: 59765