PT-2015-3850 · Microsoft · Office

Published: 2015-02-10 · Updated: 2018-10-12 · CVE-2014-6362

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions 2007 SP3 through 2013 SP1

Description

The issue allows remote attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism. This is achieved via a crafted document. ASLR is a security feature that randomizes the location of executable code and data in memory to prevent attackers from predicting where specific instructions are located. By bypassing ASLR, an attacker can more reliably predict memory offsets, making it easier to exploit other vulnerabilities. However, this bypass by itself does not allow arbitrary code execution. It could be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations

For Microsoft Office 2007 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2010 SP2, update to a version that includes the fix for this issue. For Microsoft Office 2013 Gold and SP1, update to a version that includes the fix for this issue.

Fix


Related identifiers

CVE-2014-6362

Affected products

Office