Microsoft Office Common Control Library Security Feature Bypass Vulnerability

Last Update Date: 14 May 2014 14:45 Release Date: 14 May 2014 3631 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013 and Microsoft Office 2013 RT

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Shell Handler Elevation of Privilege Vulnerability

14 May 2014 3612 Views

Next

Microsoft Active Directory Group Policy Preferences Elevation of Privilege Vulnerability

14 May 2014 3709 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY