Lucene search

[email protected]CVE-2013-5057

HistoryDec 11, 2013 - 12:55 a.m.

CVE-2013-5057

2013-12-1100:55:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-5057

hxds aslr vulnerability

microsoft office

aslr

remote code execution

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.561 Medium

EPSS

Percentile

97.7%

JSON

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka “HXDS ASLR Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp1x64

microsoftofficeMatch2010sp1x86

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2010

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2010

References

blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-106

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.561 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2013-5057

openvas2 cvelist1 nessus1 symantec1 prion1 mskb1 nvd1 securityvulns1