(MS13-104) Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2013-5054
Date du conseil: 26 décembre 2013
Description
This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.
Solutions
Affected software and version:
- Microsoft Office 2013 (32-bit editions)
- Microsoft Office 2013 R