Microsoft Office Common Control Library Security Feature Bypass Vulnerability
RISK: Medium Risk
TYPE: Clients - Productivity Products
A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.
Impact
- Security Restriction Bypass
System / Technologies affected
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office 2013 and Microsoft Office 2013 RT
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS14-024
Vulnerability Identifier
Source
Related Link
Share with