{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T11:19:59.801","vulnerabilities":[{"cve":{"id":"CVE-2013-3870","sourceIdentifier":"secure@microsoft.com","published":"2013-09-11T14:03:48.677","lastModified":"2025-04-11T00:51:21.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka \"Message Certificate Vulnerability.\""},{"lang":"es","value":"Vulnerabilidad de doble liberación en Microsoft Outlook 2007 (SP3) y 2010 (SP1 y SP2) permite a atacantes remotos ejecutar código a discrección incluyendo varios certificados S/MIME anidados en un mensaje de correo electrónico, tambien conocido como \"Vulnerabilidad de Certificado de Mensaje\"."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"8B32CD31-398A-4078-8B5B-B39DB9DB9A35"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2010:sp1:*:*:*:*:x64:*","matchCriteriaId":"92BC9C1B-12DB-490E-BFFD-EAED658B8613"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2010:sp1:*:*:*:x86:*:*","matchCriteriaId":"99B1C3FD-27CF-43CD-9F25-1A1ED29E4DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:x64:*","matchCriteriaId":"61826B69-4D5C-46DD-9F55-21A7C09A2819"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:x86:*:*","matchCriteriaId":"5D8C49EA-7FF2-4393-A05A-ED3AD4796CD5"}]}]}],"references":[{"url":"http://blogs.technet.com/b/srd/archive/2013/09/10/assessing-risk-for-the-september-2013-security-updates.aspx","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx","source":"secure@microsoft.com","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.us-cert.gov/ncas/alerts/TA13-253A","source":"secure@microsoft.com","tags":["US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-068","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18857","source":"secure@microsoft.com"},{"url":"http://blogs.technet.com/b/srd/archive/2013/09/10/assessing-risk-for-the-september-2013-security-updates.aspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.us-cert.gov/ncas/alerts/TA13-253A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-068","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18857","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}