Microsoft reveals and patches Office vulnerability Credit: Martyn WilliamsIDG
Security

Microsoft reveals and patches Office vulnerability

Microsoft has revealed an information disclosure vulnerability within Microsoft Office, which improperly discloses contents of its memory.

The exploitation of this vulnerability, which was discovered by Mimecast Research Labs, could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.

Mimecast Research Labs discovered the vulnerability in Microsoft Office applications when using ActiveX control objects.

According to the company, the vulnerability exists because the MSO.DLL appears to improperly disclose the contents of its process memory.

"An attacker who successfully exploits this vulnerability could obtain information to further compromise a user’s system (bypass ASLR) or to read sensitive and/or private information stored in memory such as passwords, certificates, http requests and domain/user information," Mimecast said in a statement.

Microsoft said that to exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it.

"An attacker must know the memory address location where the object was created."

Microsoft has issued an update to address the vulnerability while Mimecast stated that it is not aware of any actual exploitation of the vulnerability.

Read more: Mimecast to start offering partners prizes in return for sales numbers

PREVIOUS ARTICLE

« HomeKit was a surprise winner of CES 2019. Now Siri needs to get a whole lot better

NEXT ARTICLE

The Iotty Smart Switch is one of the most elegant lighting controls you'll see at CES »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?