CVE-2013-3890

Published: Oct 9, 2013Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."

Affected (3)

Products: Microsoft: Excel, Excel Viewer, Office Compatibility Pack

Microsoft

3 products

Excel

Excel Viewer

Office Compatibility Pack

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2007 sp3
Microsoft Excel Viewer	All versions
Microsoft Office Compatibility Pack	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-288A

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926

Source: secure@microsoft.com

http://www.us-cert.gov/ncas/alerts/TA13-288A

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-085

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18926

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.