Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Office security vulnerabilities
Published:16.12.2013
Source:
SecurityVulns ID:13458
Type:library
Threat Level:
6/10
Description:Informatio leakage on Sharepoint files access, Microsoft Office Shared Component information leakage.
Affected:MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE:CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability.")
 CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability.")
Files:Microsoft Security Bulletin MS13-104 - Important Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
 Microsoft Security Bulletin MS13-106 - Important Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod