Kaspersky LabKLA10456KLA10456 SB vulnerability in MS Office
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.063 Low
EPSS
Percentile
93.7%
An use-after-free vulnerability was found in Microsoft Office. By exploiting this vulnerability malicious users can bypass ASLR protection. This vulnerability can be exploited remotely via a specially designed document.
Original advisories
Related products
CVE list
CVE-2014-6362 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Microsoft Office 2007 Service Pack 3Β Microsoft Office 2010 Service Pack 2Microsoft Office 2013Microsoft Office 2013 Service Pack 1
References
support.microsoft.com/kb/2910941
support.microsoft.com/kb/2920748
support.microsoft.com/kb/2920795
support.microsoft.com/kb/3033857
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6362
statistics.securelist.com/
technet.microsoft.com/en-us/library/security/ms15-013.aspx
threats.kaspersky.com/en/product/Microsoft-Office/
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.063 Low
EPSS
Percentile
93.7%