KLA10583 Code execution vulnerability in Microsoft Office

2015-05-12T00:00:00
ID KLA10583
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-06-03T00:00:00

Description

Detect date:

05/12/2015

Severity:

Critical

Description:

An unspecified vulnerability was found in Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed document.

Affected products:

Office 2007 Service Pack 3
Office 2010 x86, x64 Service Pack 2
Office 2013 x86, x64, RT Service Pack 1
Office for Mac 2011
PoerPoint Viewer
SharePoint Server 2010 Service Pack 2
SharePoint Server 2013 Service Pack 1
Office Web Apps 2010 Service Pack 2
Office Web Apps 2013 Service Pack 1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

Microsoft bulletin
CVE-2015-1683
CVE-2015-1682

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2015-16839.3Critical
CVE-2015-16829.3Critical

Microsoft official advisories:

KB list:

3017815
2956194
2999420
2965307
2965240
2975816
3039748
2956140
3057181
3039725
2965233
2956195
2965237
2999412
2956193
2965311
3023055
2975808
2965282
2965242
2986216
3062536
3039736