MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass
2015-02-10 This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Microsoft Office Component Use After Free Vulnerability
- A security feature bypass vulnerability exists in Microsoft Office when it fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution.
CVE-2014-6362
Bulletin details at Microsoft.com
Related CVE Entries
Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."
Max CVSS
4.3
EPSS Score
7.06%
Published
2015-02-11
Updated
2018-10-12