Kaspersky Threats

Detect date

?

07/14/2015

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft office. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

An unknown vulnerability can be exploited remotely via a specially designed office document to cause denial og service or execute arbitrary code;
An unknown vulnerability can be exploited remotely via a specially designed spreadsheet to bypass ASLR protection;
Untrusted search path vulnerability can be exploited remotely via DLL hijack at current working directory to gain privileges.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office for Mac 2011
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-2377
CVE-2015-2376
CVE-2015-2375
CVE-2015-2379
CVE-2015-2378
CVE-2015-2380
CVE-2015-2424
CVE-2015-2415

Impacts

?

ACE

[?]

DoS

[?]

SB

[?]

PE

[?]

Detect date ?	07/14/2015
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft office. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code. Below is a complete list of vulnerabilities An unknown vulnerability can be exploited remotely via a specially designed office document to cause denial og service or execute arbitrary code; An unknown vulnerability can be exploited remotely via a specially designed spreadsheet to bypass ASLR protection; Untrusted search path vulnerability can be exploited remotely via DLL hijack at current working directory to gain privileges.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack 1 Microsoft Office for Mac 2011 Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Office Compatibility Pack Service Pack 3 Microsoft Word Viewer Microsoft SharePoint Server 2007 Service Pack 3 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2013 Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2015-2377 CVE-2015-2376 CVE-2015-2375 CVE-2015-2379 CVE-2015-2378 CVE-2015-2380 CVE-2015-2424 CVE-2015-2415
Impacts ?	ACE [?] DoS [?] SB [?] PE [?]
Related products	Microsoft Office Microsoft Sharepoint Server
CVE-IDS ?	CVE-2015-23779.3Critical CVE-2015-23769.3Critical CVE-2015-23754.3Warning CVE-2015-23799.3Critical CVE-2015-23786.9High CVE-2015-23809.3Critical CVE-2015-24249.3Critical CVE-2015-24159.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3072620 2837612 2965283 2965208 2965281 2965209 3073865 3054981 3054968 3054996 3054990 3054861 3054949 3054958 3054973 3054963 3054971 3054999
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10632Multiple vulnerabilities in Microsoft Office

KLA10632
Multiple vulnerabilities in Microsoft Office