QwikSec

Security Database

CVE

CWE

Training

CVE-2013-5057

Published: Dec 11, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MS

http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.