HTTP: Microsoft Visio Crafted XML File Information Disclosure
This signature detects attempts to exploit a known vulnerability in the Microsoft Visio diagramming and vector graphics application. A successful attack can lead to unauthorized information disclosure.
Extended Description
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
Affected Products
Microsoft visio
References
CVE: CVE-2013-1301
Short Name
HTTP:INFO-LEAK:MS-VISIO-XML
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-1301 Crafted Disclosure File Information Microsoft Visio XML
Release Date
05/10/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3