Microsoft reveals and patches Office vulnerability Credit: Martyn WilliamsIDG

Microsoft reveals and patches Office vulnerability

Microsoft has revealed an information disclosure vulnerability within Microsoft Office, which improperly discloses contents of its memory.

The exploitation of this vulnerability, which was discovered by Mimecast Research Labs, could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.

Mimecast Research Labs discovered the vulnerability in Microsoft Office applications when using ActiveX control objects.

According to the company, the vulnerability exists because the MSO.DLL appears to improperly disclose the contents of its process memory.

"An attacker who successfully exploits this vulnerability could obtain information to further compromise a user’s system (bypass ASLR) or to read sensitive and/or private information stored in memory such as passwords, certificates, http requests and domain/user information," Mimecast said in a statement.

Microsoft said that to exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it.

"An attacker must know the memory address location where the object was created."

Microsoft has issued an update to address the vulnerability while Mimecast stated that it is not aware of any actual exploitation of the vulnerability.

Read more: Mimecast to start offering partners prizes in return for sales numbers


« Mingis on Tech: As blockchain hype cools, a 'trough of disillusionment' for 2019?


The Iotty Smart Switch is one of the most elegant lighting controls you'll see at CES »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends


Is your organization fully GDPR compliant?