VYPR
Low severity (3.3) · NVD Advisory · Published Sep 14, 2016 · Updated May 6, 2026

CVE-2016-0137

Description

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2016-0137 is a low-severity ASLR bypass in Microsoft Office 2013 SP1 and 2016 Click-to-Run that allows local users to weaken memory protections.

Vulnerability

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and Microsoft Office 2016 fails to properly handle memory addresses, allowing a local attacker to bypass Address Space Layout Randomization (ASLR). The vulnerability resides in the C2R component and affects only these two Office versions. [1]

Exploitation

An attacker must have local access to the system and be able to execute a crafted application. The application exploits the flaw in C2R's memory address handling, enabling the attacker to predict memory locations that should be randomized by ASLR. No special privileges or user interaction beyond local execution are required. [1]

Impact

Successful exploitation degrades the effectiveness of ASLR, a key exploit mitigation. This information disclosure reduces the effort needed to exploit other vulnerabilities, potentially facilitating further attacks such as remote code execution. The attacker does not gain direct code execution or elevated privileges solely from this bypass. [1]

Mitigation

Microsoft released security update MS16-107 (KB3185852) on September 13, 2016, which addresses this issue. All affected users should install the update. No workarounds are documented. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog. [1]

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
