HXDS ASLR Vulnerability

CVE-2013-5057 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability."

Learn more about our Cis Benchmark Audit For Microsoft Office.