Описание
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- Improper memory objects handling can be exploited remotely via a specially designed file to execute arbitrary code;
- An unknown vulnerability can be exploited remotely via a specially designed file to obtain sensitive information.
Technical details
To exploit (2) attacker must first leverage another vulnerability to cause code execution in IE with EPM. Than malicious can execute Excel, Notepad, PowerPoint or another with unsafe command line parameter. Another part of updates for this vulnerability listed in KLA10646, KLA10648
Первичный источник обнаружения
- CVE-2015-1642
CVE-2015-2423
CVE-2015-2466
CVE-2015-2468
CVE-2015-2467
CVE-2015-2469
CVE-2015-2470
CVE-2015-2477
Эксплуатация
The following public exploits exists for this vulnerability:
https://www.exploit-db.com/exploits/37912
https://www.exploit-db.com/exploits/37913
https://www.exploit-db.com/exploits/37910
https://www.exploit-db.com/exploits/37924
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2015-1642 critical
- CVE-2015-2423 warning
- CVE-2015-2466 critical
- CVE-2015-2468 critical
- CVE-2015-2467 critical
- CVE-2015-2469 critical
- CVE-2015-2470 critical
- CVE-2015-2477 critical
Список KB
- 2687409
- 3054858
- 3054888
- 3054960
- 3039798
- 3054929
- 3055039
- 2965280
- 3055030
- 3055054
- 3055033
- 3055052
- 3055053
- 3055037
- 3055051
- 3054876
- 3054992
- 3054991
- 3054816
- 2965310
- 3055003
- 2553313
- 3054974
- 3082420
- 3055044
- 3080790
- 3081349
- 2596650
- 2986254
- 2598244
- 2837610
- 3039734
- 3055029
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com