#VU4346 ASLR bypass in Microsoft Office - CVE-2013-5057
Published: January 12, 2017 / Updated: March 11, 2017
Vulnerability identifier: #VU4346
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2013-5057
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft Office
Microsoft Office
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The weakness exists due to improper implementation of Address Space Layout Randomization (ASLR) within HXDS Office shared component. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and bypass the ASLR security feature.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to improper implementation of Address Space Layout Randomization (ASLR) within HXDS Office shared component. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and bypass the ASLR security feature.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website.