Kaspersky Threats

Detect date

?

03/10/2015

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or conduct code injection.

Below is a complete list of vulnerabilities

An XSS vulnerabilities can be exploited remotely via a specially designed request;
An use-after-free vulnerability can be exploited remotely via a specially designed document;
An unknown vulnerability can be exploited remotely via a specially designed document.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 x86, x64 Service Pack 2
Microsoft Office 2013 x86, x64
Microsoft Office 2013 x86, x64 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013
Microsoft Office Web Apps 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS advisory
CVE-2015-1636
CVE-2015-0085
CVE-2015-0086
CVE-2015-1633
CVE-2015-0097

Impacts

?

ACE

[?]

DoS

[?]

CI

[?]

Detect date ?	03/10/2015
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or conduct code injection. Below is a complete list of vulnerabilities An XSS vulnerabilities can be exploited remotely via a specially designed request; An use-after-free vulnerability can be exploited remotely via a specially designed document; An unknown vulnerability can be exploited remotely via a specially designed document.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 x86, x64 Service Pack 2 Microsoft Office 2013 x86, x64 Microsoft Office 2013 x86, x64 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft SharePoint Server 2013 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2013 Microsoft Office Web Apps 2013 Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS advisory CVE-2015-1636 CVE-2015-0085 CVE-2015-0086 CVE-2015-1633 CVE-2015-0097
Impacts ?	ACE [?] DoS [?] CI [?]
Related products	Microsoft Office Microsoft Sharepoint Server
CVE-IDS ?	CVE-2015-16363.5Warning CVE-2015-00859.3Critical CVE-2015-00869.3Critical CVE-2015-16333.5Warning CVE-2015-00979.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	2956183 2956181 2956180 2880473 2956189 2956188 2881078 2956069 2920812 2889839 2956109 2956103 2956175 2956107 2956106 2956208 2956163 3038999 2956143 2956142 2956076 2881068 2760361 2899580 2760554 2956136 2956151 2956153 2984939 2956158 2956138 2956139 2760508 2920731 2737989 2883100
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10469Multiple vulnerabilities in Microsoft products

KLA10469
Multiple vulnerabilities in Microsoft products