{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka \"MSCOMCTL ASLR Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS14-024", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2014-1809", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka \"MSCOMCTL ASLR Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS14-024", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:11.352Z"}, "title": "CVE Program Container", "references": [{"name": "MS14-024", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2014-1809", "datePublished": "2014-05-14T10:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2024-08-06T09:50:11.352Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*", "matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*", "matchCriteriaId": "8383FADC-9391-4570-AAF9-92A952A4F04F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*", "matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*", "matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:*:*:*:*", "matchCriteriaId": "E926E35D-02F6-4EA0-83C5-31443D3A0F01", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka \"MSCOMCTL ASLR Vulnerability.\""}, {"lang": "es", "value": "La librar\u00eda MSCOMCTL en Microsoft Office 2007 SP3, 2010 SP1 y SP2 y 2013 Gold, SP1, RT y RT SP1 facilita a atacantes remotos evadir el mecanismo de protecci\u00f3n ASLR a trav\u00e9s de un sitio web manipulado, tal y como fue demostrado activamente en mayo 2014, tambi\u00e9n conocido como 'vulnerabilidad de ASLR de MSCOMCTL.'"}], "id": "CVE-2014-1809", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-05-14T11:13:06.490", "references": [{"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}