Kaspersky Threats

Detect date

?

04/14/2015

Severity

?

Critical

Description

Use-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 x86, x64 Service Pack 2
Microsoft Office 2013 x86, x64, RT Service Pack1
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoinr Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS15-033
CVE-2015-0204
CVE-2015-0484
CVE-2015-0492
CVE-2015-0469
CVE-2015-0478
CVE-2015-0480
CVE-2015-0477
CVE-2015-0458
CVE-2015-0459
CVE-2015-0470
CVE-2015-0488
CVE-2015-0486
CVE-2015-0491
CVE-2015-0460

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

LoI

[?]

Detect date ?	04/14/2015
Severity ?	Critical
Description	Use-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 x86, x64 Service Pack 2 Microsoft Office 2013 x86, x64, RT Service Pack1 Microsoft Word Viewer Microsoft Office Compatibility Pack Service Pack 3 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoinr Server 2013 Service Pack 1 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2013 Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS15-033 CVE-2015-0204 CVE-2015-0484 CVE-2015-0492 CVE-2015-0469 CVE-2015-0478 CVE-2015-0480 CVE-2015-0477 CVE-2015-0458 CVE-2015-0459 CVE-2015-0470 CVE-2015-0488 CVE-2015-0486 CVE-2015-0491 CVE-2015-0460
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] LoI [?]
Related products	Microsoft Office
CVE-IDS ?	CVE-2015-02044.3Warning CVE-2015-04846.8High CVE-2015-04929.3Critical CVE-2015-046910.0Critical CVE-2015-04784.3Warning CVE-2015-04805.8High CVE-2015-04774.3Warning CVE-2015-04587.6Critical CVE-2015-045910.0Critical CVE-2015-04704.3Warning CVE-2015-04885.0Critical CVE-2015-04865.0Critical CVE-2015-049110.0Critical CVE-2015-04609.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	2965224 2965284 2553428 2965236 2965215 2553164 2965238 2965210 2965289 3051737 2965306 3055707

KLA10551Code execution vulnerabilities in Microsoft Office

KLA10551
Code execution vulnerabilities in Microsoft Office