Back to KEVs

CVE-2013-5057

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote...

Basic Information

CVE State
PUBLISHED
Reserved Date
August 06, 2013
Published Date
December 11, 2013
Last Updated
August 06, 2024
Vendor
Microsoft
Product
Office
Description
hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability."

CVSS Scores

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2013-12-11 00:00:00 UTC) Source

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-106 http://blogs.technet.com/b/srd/archive/2013/12/09/ms13-106-another-aslr-bypass-is-gone.aspx

Known Exploited Vulnerability Information

Source Added Date
CVE 2013-12-11 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel