Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10551
HistoryApr 14, 2015 - 12:00 a.m.

KLA10551 Code execution vulnerabilities in Microsoft Office

2015-04-1400:00:00
Kaspersky Lab
threats.kaspersky.com
43

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.948

Percentile

99.3%

JSON

Use-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.

Original advisories

MS15-033

CVE-2015-0204

CVE-2015-0484

CVE-2015-0492

CVE-2015-0469

CVE-2015-0478

CVE-2015-0480

CVE-2015-0477

CVE-2015-0458

CVE-2015-0459

CVE-2015-0470

CVE-2015-0488

CVE-2015-0486

CVE-2015-0491

CVE-2015-0460

Related products

Microsoft-Office

CVE list

CVE-2015-0204 warning

CVE-2015-0484 high

CVE-2015-0492 critical

CVE-2015-0469 critical

CVE-2015-0478 warning

CVE-2015-0480 high

CVE-2015-0477 warning

CVE-2015-0458 critical

CVE-2015-0459 critical

CVE-2015-0470 warning

CVE-2015-0488 critical

CVE-2015-0486 critical

CVE-2015-0491 critical

CVE-2015-0460 critical

KB list

2965224

2965284

2553428

2965236

2965215

2553164

2965238

2965210

2965289

3051737

2965306

3055707

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

  • Microsoft Office 2007 Service Pack 3Microsoft Office 2010 x86, x64 Service Pack 2Microsoft Office 2013 x86, x64, RT Service Pack1Microsoft Word ViewerMicrosoft Office Compatibility Pack Service Pack 3Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoinr Server 2013 Service Pack 1Microsoft Office Web Apps 2010 Service Pack 2Microsoft Office Web Apps 2013 Service Pack 1

References

Related

nessus 51
openvas 48
f5 3
kaspersky 1
suse 10
redhat 12
ibm 13
debian 3
osv 3
ubuntu 2
archlinux 6
centos 4
veracode 11
amazon 3
oraclelinux 4
mageia 1
aix 1
atlassian 3
nvd 3
debiancve 3
prion 4
ubuntucve 3
cve 3
cvelist 4
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)
2015-04-16 00:00:00
Oracle Java SE 8 < Update 41 Multiple Vulnerabilities
2015-01-22 00:00:00
Oracle Java SE 7 < Update 77 Multiple Vulnerabilities
2015-01-22 00:00:00
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2015:0773-1)
2015-09-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0789-1)
2021-04-19 00:00:00
SUSE: Security Advisory for java-1_7_0-openjdk (SUSE-SU-2015:0833-1)
2015-10-16 00:00:00
f5
f5
K17125 : Multiple Java vulnerabilities
2015-08-12 00:00:00
SOL17125 - Multiple Java vulnerabilities
2015-08-12 00:00:00
SOL17136 - Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488
2015-08-24 00:00:00
kaspersky
kaspersky
KLA10548 Multiple vulnerabilities in Oracle products
2015-04-14 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2015-04-27 13:05:39
Security update for java-1_7_0-openjdk (important)
2015-04-27 13:05:55
Security update for java-1_7_0-openjdk (critical)
2015-05-07 21:04:54
redhat
redhat
(RHSA-2015:0854) Critical: java-1.8.0-oracle security update
2015-04-17 09:51:55
(RHSA-2015:0857) Critical: java-1.7.0-oracle security update
2015-04-20 13:52:00
(RHSA-2015:0858) Important: java-1.6.0-sun security update
2015-04-20 14:05:19
ibm
ibm
Security Bulletin: April 2015 Java Platform Standard Edition Vulnerabilities in Multiple N series Products
2018-06-18 00:28:27
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2018-06-15 07:03:06
Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM)
2018-06-18 01:29:52
debian
debian
[SECURITY] [DSA 3234-1] openjdk-6 security update
2015-04-24 18:39:47
[SECURITY] [DSA 3235-1] openjdk-7 security update
2015-04-24 18:41:20
[SECURITY] [DLA 213-1] openjdk-6 security update
2015-04-30 13:41:01
osv
osv
openjdk-6 - security update
2015-04-30 00:00:00
openjdk-6 - security update
2015-04-24 00:00:00
openjdk-7 - security update
2015-04-24 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-04-21 00:00:00
OpenJDK 7 vulnerabilities
2015-04-21 00:00:00
archlinux
archlinux
jre8-openjdk-headless: multiple issues
2015-04-17 00:00:00
jre8-openjdk: multiple issues
2015-04-17 00:00:00
jdk8-openjdk: multiple issues
2015-04-17 00:00:00
centos
centos
java security update
2015-04-15 11:10:56
java security update
2015-04-15 11:08:38
java security update
2015-04-15 11:09:51
veracode
veracode
Sandbox Protection Bypass
2019-05-02 05:13:16
Sandbox Protection Bypass
2019-05-02 05:13:14
Denial Of Service (DoS)
2019-05-02 05:13:14
amazon
amazon
Important: java-1.8.0-openjdk
2015-05-05 15:44:00
Important: java-1.7.0-openjdk
2015-04-23 00:44:00
Important: java-1.6.0-openjdk
2015-04-23 00:44:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2015-04-15 00:00:00
java-1.7.0-openjdk security update
2015-04-15 00:00:00
java-1.6.0-openjdk security update
2015-04-15 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2015-04-15 20:22:53
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-06-03 12:58:42
atlassian
atlassian
Multiple vulnerabilites in Java 1.7.0_15
2015-04-16 06:32:43
Multiple vulnerabilites in Java 1.7.0_15
2015-04-16 06:32:43
Multiple vulnerabilites in Java 1.7.0_15
2015-04-16 06:32:43
nvd
nvd
CVE-2015-0492
2015-04-16 16:59:43
CVE-2015-0484
2015-04-16 16:59:36
CVE-2015-0491
2015-04-16 16:59:42
debiancve
debiancve
CVE-2015-0492
2015-04-16 16:59:43
CVE-2015-0484
2015-04-16 16:59:36
CVE-2015-0459
2015-04-16 16:59:16
prion
prion
Design/Logic Flaw
2015-04-16 16:59:00
Design/Logic Flaw
2015-04-16 16:59:00
Design/Logic Flaw
2015-04-16 16:59:00
ubuntucve
ubuntucve
CVE-2015-0484
2015-04-16 00:00:00
CVE-2015-0459
2015-04-16 00:00:00
CVE-2015-0492
2015-04-16 00:00:00
cve
cve
CVE-2015-0491
2015-04-16 16:59:42
CVE-2015-0492
2015-04-16 16:59:43
CVE-2015-0484
2015-04-16 16:59:36
cvelist
cvelist
CVE-2015-0491
2015-04-16 16:00:00
CVE-2015-0492
2015-04-16 16:00:00
CVE-2015-0484
2015-04-16 16:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.948

Percentile

99.3%

JSON
Related for KLA10551
nessus51openvas48f53kaspersky1suse10redhat12ibm13debian3osv3ubuntu2archlinux6centos4veracode11amazon3oraclelinux4mageia1aix1atlassian3nvd3debiancve3prion4ubuntucve3cve3cvelist4