CVE-2014-1808

Published: May 14, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability."

Affected (2)

Products: Microsoft: Office

Microsoft

1 product

Office

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2013
Microsoft Office	Version 2013 sp1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-023

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-023

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.