ASLR bypass in Microsoft Office - CVE-2013-5057
Published: January 12, 2017 / Updated: March 11, 2017
Vulnerability identifier: #VU4346
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2013-5057
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Office
Microsoft Office
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The weakness exists due to improper implementation of Address Space Layout Randomization (ASLR) within HXDS Office shared component. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and bypass the ASLR security feature.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to improper implementation of Address Space Layout Randomization (ASLR) within HXDS Office shared component. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and bypass the ASLR security feature.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system.
Note: the vulnerability was being actively exploited.
How to mitigate CVE-2013-5057
Install update from vendor's website.