The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability bulletin CVE-2014-6362

Microsoft Office: bypassing ASLR

Synthesis of the vulnerability

An attacker can bypass ASLR via Microsoft Office, in order to ease the exploitation of another vulnerability.
Impacted systems: Office, Access, Excel, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity of this alert: 2/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Creation date: 10/02/2015.
References of this alert: 3033857, CERTFR-2015-AVI-064, CVE-2014-6362, MS15-013, VIGILANCE-VUL-16163.

Description of the vulnerability

Operating systems use ASLR (Address Space Layout Randomization) to randomize the memory addresses used by programs and libraries.

However, Microsoft Office allows an attacker to bypass this security feature.

An attacker can therefore bypass ASLR via Microsoft Office, in order to ease the exploitation of another vulnerability.