← back
CVE-2013-5057

CVE-2013-5057

EPSS 9.9%
hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspxhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-106