Unrated severityNVD Advisory· Published Sep 11, 2013· Updated Apr 29, 2026

CVE-2013-3160

Description

Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

Affected products

Microsoft/Office2 versions
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
Microsoft/Word2 versions
cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
Microsoft/Word Viewer
cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/ncas/alerts/TA13-253AnvdThird Party AdvisoryUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18819nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000