The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

cybersecurity note CVE-2014-6362

Microsoft Office: bypassing ASLR

Synthesis of the vulnerability

An attacker can bypass ASLR via Microsoft Office, in order to ease the exploitation of another vulnerability.
Severity of this alert: 2/4.
Creation date: 10/02/2015.
References of this alert: 3033857, CERTFR-2015-AVI-064, CVE-2014-6362, MS15-013, VIGILANCE-VUL-16163.

Description of the vulnerability

Systems use ASLR (Address Space Layout Randomization) to randomize the memory addresses used by programs and libraries.

However, Microsoft Office allows an attacker to bypass this security feature.

An attacker can therefore bypass ASLR via Microsoft Office, in order to ease the exploitation of another vulnerability.

This vulnerability announcement impacts software or systems such as Office, Access, Excel, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.

Our Vigil@nce team determined that the severity of this security alert is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Microsoft Office: patch for ASLR.
A patch is available in information sources.