CVE-2013-0095 - Vulnerability Details - OpenCVE

Description

Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."

Published: 2013-03-13

Score: 5.0 Medium

EPSS: 29.3% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2008::mac:::::
	cpe:2.3:a:microsoft:office:2011::mac:::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.29252.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.us-cert.gov/ncas/alerts/TA13-071A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082

History

No history.

Subscriptions

Microsoft Office

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2013-03-13T00:00:00.000Z

Updated: 2024-08-06T14:18:08.578Z

Reserved: 2012-11-27T00:00:00.000Z

Link: CVE-2013-0095

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-03-13T00:55:01.403

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-0095

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka \"Unintended Content Loading Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:16082", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082"}, {"name": "TA13-071A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"}, {"name": "MS13-026", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2013-0095", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka \"Unintended Content Loading Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:16082", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082"}, {"name": "TA13-071A", "refsource": "CERT", "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"}, {"name": "MS13-026", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:08.578Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:16082", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082"}, {"name": "TA13-071A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"}, {"name": "MS13-026", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2013-0095", "datePublished": "2013-03-13T00:00:00.000Z", "dateReserved": "2012-11-27T00:00:00.000Z", "dateUpdated": "2024-08-06T14:18:08.578Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka \"Unintended Content Loading Vulnerability.\""}, {"lang": "es", "value": "Outlook en Microsoft Office para Mac 2008 anterior a v12.3.6 y Office para Mac 2011 anterior a v14.3.2 permite a atacantes remotos activar el acceso a una URL remota, y en consecuencia confirmar la prestaci\u00f3n de un mensaje de correo electr\u00f3nico HTML mediante la inclusi\u00f3n de elementos HTML5 no especificados y el aprovechamiento de la instalaci\u00f3n de un navegador WebKit en la m\u00e1quina de la v\u00edctima, tambi\u00e9n conocido como \"Unintended Content Loading Vulnerability\".\r\n"}], "id": "CVE-2013-0095", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-13T00:55:01.403", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16082"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}