CVE-2013-5057

Name of the Vulnerable Software and Affected Versions Microsoft Office 2007 SP3 Microsoft Office 2010 SP1 Microsoft Office 2010 SP2

Description A security issue exists due to the lack of Address Space Layout Randomization (ASLR) protection, making it easier for attackers to execute arbitrary code. This is achieved via a crafted COM component on a visited web site with Internet Explorer. The issue has been exploited in the wild. ASLR is a security feature that randomizes the location of executable code in memory to prevent attackers from predicting where their malicious code will be loaded. Without ASLR, attackers can more easily predict where their code will be loaded, making it easier to exploit vulnerabilities.

Recommendations For Microsoft Office 2007 SP3, update to a version that implements the ASLR protection mechanism. For Microsoft Office 2010 SP1, update to a version that implements the ASLR protection mechanism. For Microsoft Office 2010 SP2, update to a version that implements the ASLR protection mechanism.