Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2015-2376 CVE-2015-2377 CVE-2015-2379 CVE-2015-2380 CVE-2015-2415 CVE-2015-2424 CVE-2015-2375 CVE-2015-2378 |
| CWE-ID | CWE-119 CWE-122 CWE-401 CWE-426 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #6 is being exploited in the wild. |
| Vulnerable software Subscribe |
Excel Viewer Client/Desktop applications / Office applications Microsoft Excel Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications Microsoft Word Client/Desktop applications / Office applications Microsoft PowerPoint Client/Desktop applications / Office applications Microsoft SharePoint Server Server applications / Application servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU5554
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2376
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsExcel Viewer: 2007
Microsoft Excel: 2007 - 2013
Microsoft Office for Mac: 2011
Microsoft SharePoint Server: 2007 - 2013
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU5555
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2377
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Excel: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU5556
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2379
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Microsoft Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Word: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
Microsoft Office for Mac: 2011
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU5557
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2380
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious Word file. A remote attacker can create a specially crafted Microsoft Word file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Word: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU5558
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2415
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Excel: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU5559
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2015-2424
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to heap-based buffer overflow when processing Office files. A remote attacker can create a specially crafted Office file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Word: 2007 - 2013
Microsoft PowerPoint: 2007 - 2013 RT Service Pack 1
Microsoft Office: 2007 - 2013 RT
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
7) Security bypass
EUVDB-ID: #VU5561
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2375
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass Address Space Layout Randomization on the target system.
The weakness exists due to insecure memory release. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and bypass ASLR mechanism.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Excel: 2010 - 2013 RT Service Pack 1
Microsoft SharePoint Server: 2010 - 2013
Microsoft Office: 2007 - 2010
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Untrusted Search Path
EUVDB-ID: #VU5560
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2378
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure .dll loading when processing Excel files. A remote attacker can place a specially crafted DLL file on a remote SMB or WebDav share along with Excel document, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsExcel Viewer: 2007
Microsoft Excel: 2007 - 2010
Microsoft Office: 2007 - 2010
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
