Vulnerability Description
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2013 |
| Microsoft | Office 2013 Rt | - |
Related Weaknesses (CWE)
References
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-10
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-10
FAQ
What is CVE-2013-5054?
CVE-2013-5054 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in ...
How severe is CVE-2013-5054?
CVE-2013-5054 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5054?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office 2013 Rt.