Multiple vulnerabilities in Microsoft Office
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2015-2375 CVE-2015-2378 CVE-2015-2415 CVE-2015-2380 CVE-2015-2379 CVE-2015-2377 CVE-2015-2376 |
| CWE-ID | CWE-401 CWE-426 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Microsoft Excel Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications Excel Viewer Client/Desktop applications / Office applications Microsoft Word Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications Microsoft SharePoint Server Server applications / Application servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Security bypass
EUVDB-ID: #VU5561
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2375
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass Address Space Layout Randomization on the target system.
The weakness exists due to insecure memory release. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and bypass ASLR mechanism.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
Install update from vendor's website.
Microsoft Excel: 2010 - 2013 RT Service Pack 1
Microsoft SharePoint Server: 2010 - 2013
Microsoft Office: 2007 - 2010
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Untrusted Search Path
EUVDB-ID: #VU5560
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2378
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure .dll loading when processing Excel files. A remote attacker can place a specially crafted DLL file on a remote SMB or WebDav share along with Excel document, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Excel Viewer: 2007
Microsoft Excel: 2007 - 2010
Microsoft Office: 2007 - 2010
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU5558
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2415
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website.
Microsoft Excel: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU5557
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2380
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious Word file. A remote attacker can create a specially crafted Microsoft Word file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website.
Microsoft Word: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU5556
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2379
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Microsoft Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website.
Microsoft Word: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
Microsoft Office for Mac: 2011
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU5555
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2377
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website.
Microsoft Excel: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU5554
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2376
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website.
Excel Viewer: 2007
Microsoft Excel: 2007 - 2013
Microsoft Office for Mac: 2011
Microsoft SharePoint Server: 2007 - 2013
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
