<< Back
CVE Number Vulnerability Product Severity Date
MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) Microsoft Office Important 11-02-2015

Technical Information

Brief overview of the risk:
The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution.

Detailed Information on the risk:

A security feature bypass vulnerability exists in Microsoft Office when it fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.


Further information on this exploit is available at : MS15-013

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013

Affected Software

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013