| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-013 | Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) | Microsoft Office | Important | 11-02-2015 |
Technical Information
Brief overview of the risk:
The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution.
Detailed Information on the risk:
A security feature bypass vulnerability exists in Microsoft Office when it fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.
Further information on this exploit is available at : MS15-013
Microsoft Office 2010
Microsoft Office 2013
Affected Software
Microsoft Office 2007Microsoft Office 2010
Microsoft Office 2013