Menu
Microsoft reveals and patches Office vulnerability

Microsoft reveals and patches Office vulnerability

Mimecast Research Labs discovered a Microsoft Office information exposure vulnerability

Credit: Photo 69434098 © Dennizn - Dreamstime.com

Microsoft has revealed an information disclosure vulnerability within Microsoft Office, which improperly discloses contents of its memory.

The exploitation of this vulnerability, which was discovered by Mimecast Research Labs, could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.

Mimecast Research Labs discovered the vulnerability in Microsoft Office applications when using ActiveX control objects.

According to the company, the vulnerability exists because the MSO.DLL appears to improperly disclose the contents of its process memory.

"An attacker who successfully exploits this vulnerability could obtain information to further compromise a user’s system (bypass ASLR) or to read sensitive and/or private information stored in memory such as passwords, certificates, http requests and domain/user information," Mimecast said in a statement.

Microsoft said that to exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it.

"An attacker must know the memory address location where the object was created."

Microsoft has issued an update to address the vulnerability while Mimecast stated that it is not aware of any actual exploitation of the vulnerability.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags microsoft officeMimecastvulnerability

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments