CVE-2013-1330

CVE Database · CVE-2013-1330

CVE-2013-1330

· N/AModified

CVSS v3.1

N/A

EPSS

30.20%

Published

Sep 11, 2013

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

Weaknesses (CWE)

CWE-20

Affected Products (10)

microsoft · sharepoint_foundationvulnerable

microsoft · sharepoint_portal_servervulnerable

microsoft · sharepoint_servervulnerable

microsoft · sharepoint_servicesvulnerable

microsoft · office_web_appsvulnerable

microsoft · office_web_apps

References (8)

http://www.us-cert.gov/ncas/alerts/TA13-253A

US Government Resource