KLA10551
Code execution vulnerabilities in Microsoft Office
Updated: 06/01/2019
Detect date
?
04/14/2015
Severity
?
Critical
Description

Use-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 x86, x64 Service Pack 2
Microsoft Office 2013 x86, x64, RT Service Pack1
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoinr Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS15-033
CVE-2015-0204
CVE-2015-0484
CVE-2015-0492
CVE-2015-0469
CVE-2015-0478
CVE-2015-0480
CVE-2015-0477
CVE-2015-0458
CVE-2015-0459
CVE-2015-0470
CVE-2015-0488
CVE-2015-0486
CVE-2015-0491
CVE-2015-0460

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

LoI 
[?]
Related products
Microsoft Office
CVE-IDS
?
CVE-2015-02044.3Warning
CVE-2015-04846.8High
CVE-2015-04929.3Critical
CVE-2015-046910.0Critical
CVE-2015-04784.3Warning
CVE-2015-04805.8High
CVE-2015-04774.3Warning
CVE-2015-04587.6Critical
CVE-2015-045910.0Critical
CVE-2015-04704.3Warning
CVE-2015-04885.0Critical
CVE-2015-04865.0Critical
CVE-2015-049110.0Critical
CVE-2015-04609.3Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

2965224
2965284
2553428
2965236
2965215
2553164
2965238
2965210
2965289
3051737
2965306
3055707