hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka “HXDS ASLR Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
office | eq | 2010 sp1-x86 | |
office | eq | 2007 sp3 | |
office | eq | 2010 sp2-x64 | |
office | eq | 2010 sp1-x64 | |
office | eq | 2010 sp2-x86 |