Back
CVE-2013-1331
HIGH
CISA KEV
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
Published: Jun 12, 2013
Modified: Apr 22, 2026
CWE-120
CWE-120
CVSS Metrics
CVSSv3
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (2)
| Vendor | Product | Version |
|---|---|---|
| microsoft | office | 2003 |
| microsoft | office | 2011 |
References (9)
- http://www.us-cert.gov/ncas/alerts/TA13-168A Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-051 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16713 Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16732 Broken Link
- http://www.us-cert.gov/ncas/alerts/TA13-168A Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-051 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16713 Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16732 Broken Link
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1331 US Government Resource
Risk Scores
CVSS Score
7.8 / 10
EPSS Score
81.88%
Top 0% most likely to be exploited
Threat Score
85.8 / 100
CISA Known Exploited
Date Added:
2022-06-08
Due Date:
2022-06-22
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS