KLA10632 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft office. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

1. An unknown vulnerability can be exploited remotely via a specially designed office document to cause denial og service or execute arbitrary code;
2. An unknown vulnerability can be exploited remotely via a specially designed spreadsheet to bypass ASLR protection;
3. Untrusted search path vulnerability can be exploited remotely via DLL hijack at current working directory to gain privileges.

Original advisories

CVE-2015-2377

CVE-2015-2376

CVE-2015-2375

CVE-2015-2379

CVE-2015-2378

CVE-2015-2380

CVE-2015-2424

CVE-2015-2415

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Office

Microsoft-Sharepoint-Server

CVE list

CVE-2015-2377 critical

CVE-2015-2376 critical

CVE-2015-2375 warning

CVE-2015-2379 critical

CVE-2015-2378 high

CVE-2015-2380 critical

CVE-2015-2424 critical

CVE-2015-2415 critical

KB list

3072620

2837612

2965283

2965208

2965281

2965209

3073865

3054981

3054968

3054996

3054990

3054861

3054949

3054958

3054973

3054963

3054971

3054999

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2013 RT Service Pack 1Microsoft Office for Mac 2011Microsoft Excel Viewer 2007 Service Pack 3Microsoft Office Compatibility Pack Service Pack 3Microsoft Word ViewerMicrosoft SharePoint Server 2007 Service Pack 3Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Server 2013 Service Pack 1