Kaspersky LabKLA10632KLA10632 Multiple vulnerabilities in Microsoft Office
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.878 High
EPSS
Percentile
98.6%
Detect date:
07/14/2015
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft office. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code.
Affected products:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office for Mac 2011
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2015-2377
CVE-2015-2376
CVE-2015-2375
CVE-2015-2379
CVE-2015-2378
CVE-2015-2380
CVE-2015-2424
CVE-2015-2415
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-23779.3Critical
CVE-2015-23769.3Critical
CVE-2015-23754.3Warning
CVE-2015-23799.3Critical
CVE-2015-23786.9High
CVE-2015-23809.3Critical
CVE-2015-24249.3Critical
CVE-2015-24159.3Critical
Microsoft official advisories:
KB list:
3072620
2837612
2965283
2965208
2965281
2965209
3073865
3054981
3054968
3054996
3054990
3054861
3054949
3054958
3054973
3054963
3054971
3054999
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
References
support.microsoft.com/kb/2837612
support.microsoft.com/kb/2965208
support.microsoft.com/kb/2965209
support.microsoft.com/kb/2965281
support.microsoft.com/kb/2965283
support.microsoft.com/kb/3054861
support.microsoft.com/kb/3054949
support.microsoft.com/kb/3054958
support.microsoft.com/kb/3054963
support.microsoft.com/kb/3054968
support.microsoft.com/kb/3054971
support.microsoft.com/kb/3054973
support.microsoft.com/kb/3054981
support.microsoft.com/kb/3054990
support.microsoft.com/kb/3054996
support.microsoft.com/kb/3054999
support.microsoft.com/kb/3072620
support.microsoft.com/kb/3073865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2424
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2375
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2376
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2377
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2378
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2379
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2380
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2415
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2424
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.878 High
EPSS
Percentile
98.6%