(MS14-024) Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

• Email
• Facebook
• 
  Twitter
• Google+
• Linkedin

  Severity: HIGH

  Advisory Date: JUN 04, 2014

---

  DESCRIPTION

This security update addresses a vulnerability found in the implementation of the MSCOMCTL common controls library. Once exploited, remote attackers can bypass the Address Space Layout Randomization (ASLR) security feature, thus potentially opening the affected system to possible attacks leveraging vulnerabilities.

  SOLUTION

  PATCH: https://technet.microsoft.com/library/security/ms14-024

  AFFECTED SOFTWARE AND VERSION

• Microsoft Office 2010 Service Pack 1 (32-bit editions)
• Microsoft Office 2010 Service Pack 2 (64-bit editions)
• Microsoft Office 2010 Service Pack 2 (32-bit editions)
• Microsoft Office 2007 Service Pack 3
• Microsoft Office 2013 (32-bit editions)
• Microsoft Office 2013 Service Pack 1 (32-bit editions)
• Microsoft Office 2010 Service Pack 1 (64-bit editions)
• Microsoft Office 2013 (64-bit editions)
• Microsoft Office 2013 Service Pack 1 (64-bit editions)
• Microsoft Office 2013 RT
• Microsoft Office 2013 RT Service Pack 1