9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.741 High
EPSS
Percentile
98.1%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
Technical details
To exploit vulnerabilities (2,4) malicious user must be logged in or anonymous access must be enabled
CVE-2015-2555 critical
CVE-2015-6039 warning
CVE-2015-6037 warning
CVE-2015-2557 critical
CVE-2015-2556 warning
CVE-2015-2558 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/2553405
support.microsoft.com/kb/2596670
support.microsoft.com/kb/2920693
support.microsoft.com/kb/3054994
support.microsoft.com/kb/3085514
support.microsoft.com/kb/3085520
support.microsoft.com/kb/3085542
support.microsoft.com/kb/3085567
support.microsoft.com/kb/3085568
support.microsoft.com/kb/3085571
support.microsoft.com/kb/3085582
support.microsoft.com/kb/3085583
support.microsoft.com/kb/3085595
support.microsoft.com/kb/3085596
support.microsoft.com/kb/3085609
support.microsoft.com/kb/3085615
support.microsoft.com/kb/3085618
support.microsoft.com/kb/3085619
support.microsoft.com/kb/3096440
support.microsoft.com/kb/3097264
support.microsoft.com/kb/3097266
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2555
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2556
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2557
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2558
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6037
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6039
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
threats.kaspersky.com/en/product/Microsoft-Visio-2010/