SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Office Vendors:   Microsoft
Microsoft Office Lets Remote Users Bypass Address Space Layout Randomization
SecurityTracker Alert ID:  1031721
SecurityTracker URL:  http://securitytracker.com/id/1031721
CVE Reference:   CVE-2014-6362   (Links to External Site)
Date:  Feb 10 2015
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2007, 2010, 2013
Description:   A vulnerability was reported in Microsoft Office. A remote user can bypass the Address Space Layout Randomization (ASLR) security feature.

A remote user can create a specially crafted Office file that, when opened by the target user, will bypass the Address Space Layout Randomization (ASLR) security feature and obtain information about the stack memory layout. This information can be used to facilitate exploitation of separate vulnerabilities.

Impact:   A remote user can bypass the Address Space Layout Randomization (ASLR) security feature.
Solution:   The vendor has issued the following fixes:

Microsoft Office 2007 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=FF4435B7-1572-45BF-82B9-49301C590540

Microsoft Office 2010 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=A3FD018E-F29F-47D7-AFD5-1CCAB192CB23

Microsoft Office 2010 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=E62A5C9D-52A0-4FF6-B068-331E82B2A31A

Microsoft Office 2013 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=D36AB0AF-A809-4052-BCC4-E815F5FBCC03

Microsoft Office 2013 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=BB4D5461-F196-4F49-8B50-7A5D1B167BA9

Microsoft Office 2013 Service Pack 1 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=D36AB0AF-A809-4052-BCC4-E815F5FBCC03

Microsoft Office 2013 Service Pack 1 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=BB4D5461-F196-4F49-8B50-7A5D1B167BA9

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-013

Vendor URL:  technet.microsoft.com/library/security/ms15-013 (Links to External Site)
Cause:   Randomization error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC