Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Microsoft Office
Опубликовано:16 декабря 2013 г.
Источник:
SecurityVulns ID:13458
Тип:библиотека
Уровень опасности:
6/10
Описание:Утечка информации при работе с файлами Sharepoint, утечка информации в Microsoft Office Shared Component.
Затронутые продукты:MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE:CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability.")
 CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-104 - Important Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
 Microsoft Security Bulletin MS13-106 - Important Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород