CVE-2014-1809
Description
The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka MSCOMCTL ASLR Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
9.953
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Microsoft Office 2007 suites (KB2596804) | Windows |
| Security Update for Microsoft Office 2007 suites (KB2817330) | Windows |
| Security Update for Microsoft Office 2007 suites (KB2880508) | Windows |
| Security Update for Microsoft Office 2007 suites (KB2880507) | Windows |
| Security Update for Microsoft Office 2010 (KB2589288) 32-Bit Edition | Windows |
| Security Update for Microsoft Office 2010 (KB2589288) 64-Bit Edition | Windows |
| Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition | Windows |
| Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition | Windows |
| Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition | Windows |
| Security Update for Microsoft Office 2013 (KB2760272) 32-Bit Edition | Windows |
| Security Update for Microsoft Office 2013 (KB2760272) 64-Bit Edition | Windows |
| Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-15461 | Security Update for Microsoft Office 2010 (KB2589288) 32-Bit Edition |
| PATCH-15462 | Security Update for Microsoft Office 2010 (KB2589288) 64-Bit Edition |
| PATCH-15465 | Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition |
| PATCH-15466 | Security Update for Microsoft Office 2013 (KB2760272) 32-Bit Edition |
| PATCH-15467 | Security Update for Microsoft Office 2013 (KB2760272) 64-Bit Edition |
| PATCH-15468 | Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234