CyberSec.Space Logo
Back to CVE Browser

CVE-2013-3857

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile2.85th
PublishedSep 11, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Sharepoint Server

= 2010
πŸ“¦
Microsoft

Sharepoint Server

= 2010
πŸ“¦
Microsoft

Office Compatibility Pack

All versions
πŸ“¦
Microsoft

Word

= 2003
πŸ“¦
Microsoft

Word

= 2007
πŸ“¦
Microsoft

Word

= 2010
πŸ“¦
Microsoft

Word

= 2010
πŸ“¦
Microsoft

Word

= 2010
πŸ“¦
Microsoft

Word

= 2010
πŸ“¦
Microsoft

Word Viewer

All versions
πŸ“¦
Microsoft

Office Web Apps

= 2010
πŸ“¦
Microsoft

Office Web Apps

= 2010

References & Advisories

πŸ”— http://www.us-cert.gov/ncas/alerts/TA13-253A
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18741
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18942
πŸ”— http://www.us-cert.gov/ncas/alerts/TA13-253A
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072

Related Vulnerabilities

CVE-2013-133010.0

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Off...

CVE-2020-15959.9

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data inpu...

CVE-2020-12109.9

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a...

CVE-2020-10259.8

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OA...