MS13-106: Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)
Medium Nessus Plugin ID 71321
SynopsisThe remote Windows host is affected by a security feature bypass vulnerability.
DescriptionThe remote Windows host is running a version of Microsoft Office that contains a shared component that is affected by a security feature bypass. Successful exploitation of the issue can allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.
An attacker would need to entice a victim to visit a specially crafted web page with a browser capable of instantiating COM components in order to trigger the issue.
SolutionMicrosoft has released a set of patches for Microsoft Office 2007 and 2010.