⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2013-5057Microsoft Office vulnerability

CWE-2645 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
14.8%
top 5.47%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft Office
Timeline
PublishedDec 11
Latest updateMay 14

Description

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/office2007, 2010+1

🔴Vulnerability Details

2
GHSA
GHSA-prwx-pv5g-49qx: hxds2022-05-14
VulnCheck
Microsoft Office 2007 SP3 and 2010 SP1 and SP2 HXDS ASLR Vulnerability2013

🕵️Threat Intelligence

2
Talos
Microsoft Update Tuesday: December 2013, some 0-day fixes2013-12-10
Talos
Microsoft Update Tuesday: December 2013, some 0-day fixes2013-12-10
CVE-2013-5057 — Microsoft Office vulnerability | cvebase