Skip to main content

Microsoft Office Common Control Library Security Feature Bypass Vulnerability

Last Update Date: 14 May 2014 14:45 Release Date: 14 May 2014 3553 Views

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013 and Microsoft Office 2013 RT

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link