Executive Summary

Summary
TitleVulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
Informations
NameMS13-073First vendor Publication2013-09-10
VendorMicrosoftLast vendor Modification2013-09-13
Severity (Vendor) ImportantRevision1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Excel 2003 update (2810048), Microsoft Excel 2007 update (2760583), Microsoft Excel Viewer update (2760590), and Microsoft Office Compatibility Pack update (2760588). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".

Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the most severe vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-073

CWE : Common Weakness Enumeration

%idName
67 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
33 %CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18686
 
Oval ID: oval:org.mitre.oval:def:18686
Title: XML External Entities Resolution Vulnerability (CVE-2013-3159) - MS13-073
Description: Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3159
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel Viewer 2007
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18984
 
Oval ID: oval:org.mitre.oval:def:18984
Title: Microsoft Office Memory Corruption Vulnerability (CVE-2013-3158) - MS13-073
Description: Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3158
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Excel 2003
Microsoft Excel 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18950
 
Oval ID: oval:org.mitre.oval:def:18950
Title: Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) - MS13-073
Description: Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1315
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel Viewer 2007
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18543
 
Oval ID: oval:org.mitre.oval:def:18543
Title: Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) MS13-073 (Mac OS X)
Description: Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family: macos Class: vulnerability
Reference(s): CVE-2013-1315
Version: 3
Platform(s): Apple Mac OS X
Apple Mac OS X Server
Product(s): Microsoft Office 2011 for Mac
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18333
 
Oval ID: oval:org.mitre.oval:def:18333
Title: Microsoft Office memory corruption vulnerability (CVE-2013-1315) - MS13-067
Description: Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1315
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft Office Web Apps
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application9
Application1
Application1
Application1
Application1
Application2
Application2
Application1
Application3
Application2

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-09-12IAVM : 2013-A-0174 - Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server
Severity : Category II - VMSKEY : V0040292
2013-09-12IAVM : 2013-A-0171 - Multiple Remote Code Execution Vulnerabilities in Microsoft Excel
Severity : Category I - VMSKEY : V0040295

Snort® IPS/IDS

DateDescription
2019-07-23Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50462 - Revision : 1 - Type : FILE-OFFICE
2019-07-23Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50461 - Revision : 1 - Type : FILE-OFFICE
2016-11-15Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 40460 - Revision : 3 - Type : FILE-OFFICE
2016-11-15Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 40459 - Revision : 3 - Type : FILE-OFFICE
2016-07-26Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39347 - Revision : 2 - Type : FILE-OFFICE
2016-07-26Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39346 - Revision : 2 - Type : FILE-OFFICE
2014-04-24Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 30243 - Revision : 5 - Type : FILE-OFFICE
2014-04-24Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 30242 - Revision : 5 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel invalid external defined names read AV attempt
RuleID : 27825 - Revision : 2 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel invalid external defined names read AV attempt
RuleID : 27824 - Revision : 2 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation ...
RuleID : 27821 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation ...
RuleID : 27820 - Revision : 4 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

DateDescription
2013-09-11Name : The remote host is affected by multiple vulnerabilities.
File : smb_nt_ms13-067.nasl - Type : ACT_GATHER_INFO
2013-09-11Name : It is possible to execute arbitrary code on the remote host through Microsoft...
File : smb_nt_ms13-073.nasl - Type : ACT_GATHER_INFO
2013-09-11Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms13-073.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
DateInformations
2014-04-24 21:21:58
  • Multiple Updates
2014-02-17 11:47:46
  • Multiple Updates
2014-01-19 21:30:59
  • Multiple Updates
2013-11-11 12:41:36
  • Multiple Updates
2013-10-11 13:30:51
  • Multiple Updates
2013-09-13 21:16:38
  • Multiple Updates
2013-09-11 21:22:45
  • Multiple Updates
2013-09-10 21:27:15
  • Multiple Updates
2013-09-10 21:20:44
  • First insertion