Microsoft Office Security Feature Bypass Vulnerability

Last Update Date: 11 Feb 2015 10:23 Release Date: 11 Feb 2015 3608 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A security feature bypass vulnerability exists in Microsoft Office when it fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Office Remote Code Execution Vulnerabilities

11 Feb 2015 3588 Views

Next

Microsoft Windows Group Policy Security Feature Bypass Vulnerability

11 Feb 2015 3653 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY