Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2013-1331 | First vendor Publication | 2013-06-11 |
| Vendor | Cve | Last vendor Modification | 2025-02-10 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1331 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16713 | |||
| Oval ID: | oval:org.mitre.oval:def:16713 | ||
| Title: | Vulnerability in Microsoft Office could allow remote code execution - MS13-051 (Mac OS X) | ||
| Description: | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | ||
| Family: | macos | Class: | vulnerability |
| Reference(s): | CVE-2013-1331 | Version: | 3 |
| Platform(s): | Apple Mac OS X Apple Mac OS X Server | Product(s): | Microsoft Office 2011 for Mac |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16732 | |||
| Oval ID: | oval:org.mitre.oval:def:16732 | ||
| Title: | Vulnerability in Microsoft Office could allow remote code execution - MS13-051 | ||
| Description: | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1331 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office 2003 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Office PNG File Handling Buffer Overflow | More info here |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-06-13 | IAVM : 2013-A-0121 - Microsoft Office Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0039073 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 6700 - Revision : 20 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51206 - Revision : 1 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51205 - Revision : 1 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51204 - Revision : 1 - Type : FILE-IMAGE |
| 2019-09-24 | Microsoft Office PNG tEXt chunk buffer overflow attempt RuleID : 51203 - Revision : 1 - Type : FILE-IMAGE |
| 2014-03-27 | Microsoft Multiple Products potentially malicious PNG detected - large or inv... RuleID : 29945 - Revision : 4 - Type : FILE-IMAGE |
| 2014-03-27 | Microsoft Office PNG parsing stack buffer overflow attempt RuleID : 29944 - Revision : 4 - Type : FILE-IMAGE |
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 26865 - Revision : 4 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-06-11 | Name : An application installed on the remote Mac OS X host is affected by a remote ... File : macosx_ms13-051.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote Office install has a buffer overflow vulnerability. File : smb_nt_ms13-051.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-02-11 17:21:36 |
|
| 2024-12-20 09:20:54 |
|
| 2024-11-28 12:33:53 |
|
| 2024-06-28 21:27:58 |
|
| 2021-05-04 12:24:16 |
|
| 2021-04-22 01:29:05 |
|
| 2020-05-23 00:36:25 |
|
| 2018-10-13 05:18:39 |
|
| 2017-09-19 09:25:52 |
|
| 2016-07-21 12:02:57 |
|
| 2014-03-27 21:20:54 |
|
| 2014-02-17 11:17:27 |
|
| 2014-01-19 21:29:14 |
|
| 2013-11-11 12:40:19 |
|
| 2013-11-04 21:26:06 |
|
| 2013-07-20 13:19:27 |
|
| 2013-06-21 21:18:57 |
|
| 2013-06-12 17:18:45 |
|
| 2013-06-12 13:18:52 |
|
