CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-3847

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile41.80th
Published2013年9月11日
Last Modified2026年4月29日

Vulnerability Description

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.

Affected Platforms (CPE)

📦
Microsoft

Sharepoint Foundation

= 2010
📦
Microsoft

Sharepoint Foundation

= 2010
📦
Microsoft

Sharepoint Portal Server

= 2003
📦
Microsoft

Sharepoint Server

= 2010
📦
Microsoft

Sharepoint Server

= 2010
📦
Microsoft

Sharepoint Services

= 2.0
📦
Microsoft

Sharepoint Services

= 3.0
📦
Microsoft

Office Web Apps

= 2010
📦
Microsoft

Office Compatibility Pack

All versions
📦
Microsoft

Word

= 2003
📦
Microsoft

Word

= 2007
📦
Microsoft

Word

= 2010
📦
Microsoft

Word Viewer

All versions

References & Advisories

🔗 http://www.us-cert.gov/ncas/alerts/TA13-253A
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988
🔗 http://www.us-cert.gov/ncas/alerts/TA13-253A
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072

関連する脆弱性情報

CVE-2015-16829.3

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP...

CVE-2014-28169.3

Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain...

CVE-2015-00859.3

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Ex...

CVE-2014-02519.0

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Fou...