MS13-044: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)

Medium Nessus Plugin ID 66419


The remote Visio install is affected by an information disclosure vulnerability.


The remote host contains a version of Microsoft Visio that is affected by an information disclosure vulnerability due to a flaw in the way Visio parses specially crafted XML files containing external entities.

By tricking a user into opening a specially crafted file with Visio, a remote attacker may be able to read files on the target system.


Microsoft has released a set of patches for Microsoft Visio 2010 SP1, Microsoft Visio 2007 SP3, and Microsoft Visio 2003 SP3.

See Also

Plugin Details

Severity: Medium

ID: 66419

File Name: smb_nt_ms13-044.nasl

Version: 1.11

Type: local

Agent: windows

Published: 2013/05/15

Updated: 2018/11/15

Dependencies: 13855, 57033

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:visio

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/05/14

Vulnerability Publication Date: 2013/05/14

Reference Information

CVE: CVE-2013-1301

BID: 59765

MSFT: MS13-044

MSKB: 2596595, 2810062, 2810068