Multiple vulnerabilities in Microsoft Office

Published: 2015-12-08 00:00:00 | Updated: 2017-03-24 16:02:07
Severity High
Patch available YES
Number of vulnerabilities 6
CVSSv2 6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2015-6172
CVE-2015-6040
CVE-2015-6118
CVE-2015-6122
CVE-2015-6124
CVE-2015-6177
CWE ID CWE-20
CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Microsoft Word
Microsoft Office
Microsoft Excel
Microsoft Excel for Mac
Microsoft Office for Mac
Vulnerable software versions Microsoft Word 2010
Microsoft Word 2007
Microsoft Word 2016
Microsoft Word 2013
Microsoft Word 2013 RT Service Pack 1
Microsoft Office 2010
Microsoft Office 2007
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2013
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel for Mac 2016
Microsoft Excel for Mac 2011
Microsoft Office for Mac 2011
Microsoft Office for Mac 2016
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling malicious Word files. A remote attacker can create a specially crafted .doc file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms15-131.aspx

2) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious Excel files. A remote attacker can create a specially crafted .xls file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install upfate from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms15-131.aspx

3) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious Word files. A remote attacker can create a specially crafted .doc file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms15-131.aspx

4) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious Excel files. A remote attacker can create a specially crafted .xls file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install upfate from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms15-131.aspx

5) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious Word files. A remote attacker can create a specially crafted .doc file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms15-131.aspx

6) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious Excel files. A remote attacker can create a specially crafted .xls file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install upfate from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms15-131.aspx

Back to List