KLA10590 Multiple vulnerabilities in Microsoft Office

An unspecified vulnerabilities were found in Microsoft Office. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.

Original advisories

CVE-2015-0064

CVE-2015-0063

CVE-2015-0065

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Office

CVE list

CVE-2015-0064 critical

CVE-2015-0063 critical

CVE-2015-0065 critical

KB list

2956099

2956073

2956066

2956092

2956058

2956098

2920753

2956081

2920810

2956097

3032328

2920791

2956070

2920788

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Microsoft Office 2007 Service Pack 3Microsoft Office 2010 x86, x64 Service Pack 2Microsoft Office 2013 x86, x64Microsoft Office 2013 x86, x64 Service Pack 1Microsoft Office 2013 x86, x64 RT