Kaspersky Threats

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

Improper memory handling can be exploited remotely via a specially designed content to execute arbitrary code;
Improper emails parsing can be exploited remotely via a specially designed email message to execute arbitrary code.

Technical details

Vulnerability (2) can be triggered on stations with Outlook installed. To mitigate this vulnerability you can disable messages preview and disable HTML display in Outlook.

Original advisories

CVE-2015-6122
CVE-2015-6118
CVE-2015-6177
CVE-2015-6124
CVE-2015-6172
CVE-2015-6040

CVE list

CVE-2015-6122
critical
CVE-2015-6118
critical
CVE-2015-6177
critical
CVE-2015-6124
critical
CVE-2015-6172
critical
CVE-2015-6040
critical

KB list

3085549
3114422
3114479
3114431
3114425
3114433
3114382
3114415
3114342
3114403
3119518
3085528
3116111
3114457
3101532
3114458
3119517

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Code execution vulnerabilities in Microsoft Office

Description

Original advisories

Related products

CVE list

KB list

Read more