Lucene search

K
kasperskyKaspersky LabKLA10551
HistoryApr 14, 2015 - 12:00 a.m.

KLA10551 Code execution vulnerabilities in Microsoft Office

2015-04-1400:00:00
Kaspersky Lab
threats.kaspersky.com
29

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.948 High

EPSS

Percentile

99.3%

Use-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.

Original advisories

MS15-033

CVE-2015-0204

CVE-2015-0484

CVE-2015-0492

CVE-2015-0469

CVE-2015-0478

CVE-2015-0480

CVE-2015-0477

CVE-2015-0458

CVE-2015-0459

CVE-2015-0470

CVE-2015-0488

CVE-2015-0486

CVE-2015-0491

CVE-2015-0460

Related products

Microsoft-Office

CVE list

CVE-2015-0204 warning

CVE-2015-0484 high

CVE-2015-0492 critical

CVE-2015-0469 critical

CVE-2015-0478 warning

CVE-2015-0480 high

CVE-2015-0477 warning

CVE-2015-0458 critical

CVE-2015-0459 critical

CVE-2015-0470 warning

CVE-2015-0488 critical

CVE-2015-0486 critical

CVE-2015-0491 critical

CVE-2015-0460 critical

KB list

2965224

2965284

2553428

2965236

2965215

2553164

2965238

2965210

2965289

3051737

2965306

3055707

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

  • Microsoft Office 2007 Service Pack 3Microsoft Office 2010 x86, x64 Service Pack 2Microsoft Office 2013 x86, x64, RT Service Pack1Microsoft Word ViewerMicrosoft Office Compatibility Pack Service Pack 3Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoinr Server 2013 Service Pack 1Microsoft Office Web Apps 2010 Service Pack 2Microsoft Office Web Apps 2013 Service Pack 1

References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.948 High

EPSS

Percentile

99.3%