Vulnerabilities in Microsoft Office Could Allow Remote Code Execution



Published: 2015-07-14
Risk High
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2015-2376
CVE-2015-2377
CVE-2015-2379
CVE-2015-2380
CVE-2015-2415
CVE-2015-2424
CVE-2015-2375
CVE-2015-2378
CWE-ID CWE-119
CWE-122
CWE-401
CWE-426
Exploitation vector Network
Public exploit Vulnerability #6 is being exploited in the wild.
Vulnerable software
Subscribe
Excel Viewer
Client/Desktop applications / Office applications

Microsoft Excel
Client/Desktop applications / Office applications

Microsoft Office for Mac
Client/Desktop applications / Office applications

Microsoft Office
Client/Desktop applications / Office applications

Microsoft Word
Client/Desktop applications / Office applications

Microsoft PowerPoint
Client/Desktop applications / Office applications

Microsoft SharePoint Server
Server applications / Application servers

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU5554

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2376

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.



Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Excel Viewer: 2007

Microsoft Excel: 2007 - 2013

Microsoft Office for Mac: 2011

Microsoft SharePoint Server: 2007 - 2013

Microsoft Office: 2007 - 2013 RT


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU5555

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2377

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.



Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Excel: 2007 - 2013 RT Service Pack 1

Microsoft Office: 2007 - 2013 RT


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU5556

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2379

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing Microsoft Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.



Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Word: 2007 - 2013 RT Service Pack 1

Microsoft Office: 2007 - 2013 RT

Microsoft Office for Mac: 2011


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU5557

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2380

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious Word file. A remote attacker can create a specially crafted Microsoft Word file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.



Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Word: 2007 - 2013 RT Service Pack 1

Microsoft Office: 2007 - 2013 RT


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU5558

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2415

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.



Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Excel: 2007 - 2013 RT Service Pack 1

Microsoft Office: 2007 - 2013 RT


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU5559

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2015-2424

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow when processing Office files. A remote attacker can create a specially crafted Office file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.


Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Word: 2007 - 2013

Microsoft PowerPoint: 2007 - 2013 RT Service Pack 1

Microsoft Office: 2007 - 2013 RT


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

7) Security bypass

EUVDB-ID: #VU5561

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2375

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass Address Space Layout Randomization on the target system.

The weakness exists due to insecure memory release. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and bypass ASLR mechanism.

Successful exploitation of this vulnerability results in security bypass on the vulnerable system.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Excel: 2010 - 2013 RT Service Pack 1

Microsoft SharePoint Server: 2010 - 2013

Microsoft Office: 2007 - 2010


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Untrusted Search Path

EUVDB-ID: #VU5560

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2378

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure .dll loading when processing Excel files. A remote attacker can place a specially crafted DLL file on a remote SMB or WebDav share along with Excel document, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Excel Viewer: 2007

Microsoft Excel: 2007 - 2010

Microsoft Office: 2007 - 2010


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###