MS15-013: Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
Medium Nessus Plugin ID 81266
SynopsisThe remote Windows host is affected by a security bypass vulnerability.
DescriptionThe Microsoft Office installed on the remote host is affected by a security bypass vulnerability due to a failure to use the Address Space Layout Randomization (ASLR) security feature. By convincing a user to open a specially crafted Office file, a remote attacker can use this flaw to predict the memory offsets of specific instructions in a given call stack. The attacker can then utilize this information to more easily exploit additional vulnerabilities.
SolutionMicrosoft has released a set of patches for Office 2007, 2010, and 2013.