CVE-2013-1301

CVE Database · CVE-2013-1301

CVE-2013-1301

· N/AModified

CVSS v3.1

N/A

EPSS

16.71%

Published

May 15, 2013

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

Weaknesses (CWE)

CWE-200

Affected Products (3)

microsoft · visiovulnerable

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-134A

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750

http://www.us-cert.gov/ncas/alerts/TA13-134A

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-044

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16750

KEV Catalog EPSS Scores Vendors All CVEs