Multiple vulnerabilities in Microsoft Office

Description

Multiple serious vulnerabilities have been found in Microsoft office. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

1. An unknown vulnerability can be exploited remotely via a specially designed office document to cause denial og service or execute arbitrary code;
2. An unknown vulnerability can be exploited remotely via a specially designed spreadsheet to bypass ASLR protection;
3. Untrusted search path vulnerability can be exploited remotely via DLL hijack at current working directory to gain privileges.

Original advisories

• CVE-2015-2377

• CVE-2015-2376
• CVE-2015-2375
• CVE-2015-2379
• CVE-2015-2378
• CVE-2015-2380
• CVE-2015-2424
• CVE-2015-2415

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Office
• Microsoft-Sharepoint-Server

CVE list

• CVE-2015-2377
  critical
• CVE-2015-2376
  critical
• CVE-2015-2375
  warning
• CVE-2015-2379
  critical
• CVE-2015-2378
  high
• CVE-2015-2380
  critical
• CVE-2015-2424
  critical
• CVE-2015-2415
  critical

KB list

• 3072620
• 2837612
• 2965283
• 2965208
• 2965281
• 2965209
• 3073865
• 3054981
• 3054968
• 3054996
• 3054990
• 3054861
• 3054949
• 3054958
• 3054973
• 3054963
• 3054971
• 3054999

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com