Oval Definition:oval:org.mitre.oval:def:24454
Revision Date:2014-06-30Version:51
Title:MSCOMCTL ASLR Vulnerability (CVE-2014-1809) - MS14-024
Description:The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-1809
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Definition Synopsis
  • Office 2007
  • Any file version
  • Check if the version of mscomctl.ocx is less than 6.01.98.39
  • OR Check if the version of msaddndr.dll is less than 6.01.98.39
  • OR Check if the version of msstdfmt.dll is less than 6.01.98.39
  • AND Microsoft Office 2007 SP3 is installed
  • OR Office 2010
  • Any Microsoft Office 2010
  • Microsoft Office 2010 SP1 x86 is installed
  • OR Microsoft Office 2010 SP2 x86 is installed
  • OR Microsoft Office 2010 SP1 x64 is installed
  • OR Microsoft Office 2010 SP2 x64 is installed
  • AND Any File Version
  • Check if the version of msaddndr.dll is less than 6.01.98.39
  • OR Check if the version of mscomctl.ocx is less than 6.01.98.39
  • OR Office 2013
  • Any Office 2013
  • Microsoft Office 2013 is installed
  • OR Microsoft Office 2013 SP1 x64 is installed
  • OR Microsoft Office 2013 SP1 x86 is installed
  • AND Check if the version of mscomctl.ocx is less than 6.01.98.39
    • BACK