Kaspersky Threats

KLA10551
Code execution vulnerabilities in Microsoft Office

Updated: 05/13/2020

Detect date ?	04/14/2015
Severity ?	Critical
Description	Use-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 x86, x64 Service Pack 2 Microsoft Office 2013 x86, x64, RT Service Pack1 Microsoft Word Viewer Microsoft Office Compatibility Pack Service Pack 3 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoinr Server 2013 Service Pack 1 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2013 Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS15-033 CVE-2015-0204 CVE-2015-0484 CVE-2015-0492 CVE-2015-0469 CVE-2015-0478 CVE-2015-0480 CVE-2015-0477 CVE-2015-0458 CVE-2015-0459 CVE-2015-0470 CVE-2015-0488 CVE-2015-0486 CVE-2015-0491 CVE-2015-0460
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] LoI [?]
Related products	Microsoft Office
CVE-IDS ?	CVE-2015-02044.3Warning CVE-2015-04846.8High CVE-2015-04929.3Critical CVE-2015-046910.0Critical CVE-2015-04784.3Warning CVE-2015-04805.8High CVE-2015-04774.3Warning CVE-2015-04587.6Critical CVE-2015-045910.0Critical CVE-2015-04704.3Warning CVE-2015-04885.0Critical CVE-2015-04865.0Critical CVE-2015-049110.0Critical CVE-2015-04609.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	2965224 2965284 2553428 2965236 2965215 2553164 2965238 2965210 2965289 3051737 2965306 3055707