Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10645
HistoryAug 11, 2015 - 12:00 a.m.

KLA10645 Multiple vulnerabilities in Microsoft Office

2015-08-1100:00:00
Kaspersky Lab
threats.kaspersky.com
89

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.951 High

EPSS

Percentile

99.3%

JSON

Detect date:

08/11/2015

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.

Affected products:

Office 2007 Service Pack 3
Office 2010 Service Pack 2
Office 2013 Service Pack 1
Office 2013 RT Service Pack 1
Office for Mac 2011, 2016
Office Compatibility Pack Service Pack 3
Word Viewer
SharePoint Server 2010 Service Pack 2
SharePoint Server 2013 Service Pack 1
Word Web Apps 2010 Service Pack 2
Office Web Apps Server 2013 Service Pack 1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2015-1642
CVE-2015-2423
CVE-2015-2466
CVE-2015-2468
CVE-2015-2467
CVE-2015-2469
CVE-2015-2470
CVE-2015-2477

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2015-16429.3Critical
CVE-2015-24234.3Warning
CVE-2015-24669.3Critical
CVE-2015-24689.3Critical
CVE-2015-24679.3Critical
CVE-2015-24699.3Critical
CVE-2015-24709.3Critical
CVE-2015-24779.3Critical

Microsoft official advisories:

KB list:

2687409
3054858
3054888
3054960
3039798
3054929
3055039
2965280
3055030
3055054
3055033
3055052
3055053
3055037
3055051
3054876
3054992
3054991
3054816
2965310
3055003
2553313
3054974
3082420
3055044
3080790
3081349
2596650
2986254
2598244
2837610
3039734
3055029

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 4
mskb 3
openvas 12
securityvulns 2
checkpoint_advisories 7
symantec 8
prion 8
cve 8
cisa_kev 1
cvelist 8
attackerkb 1
threatpost 1
kaspersky 2
myhack58 1
nessus
nessus
MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
2015-08-12 00:00:00
MS15-081: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3072620) (Mac OS X)
2015-08-12 00:00:00
MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
2015-08-11 00:00:00
mskb
mskb
MS15-081: Vulnerabilities in Microsoft Office could allow remote code execution: August 11, 2015
2015-08-11 00:00:00
MS15-088: Unsafe command-line parameter passing could allow information disclosure: August 11, 2015
2015-08-11 00:00:00
MS15-079: Cumulative security update for Internet Explorer: August 11, 2015
2015-08-11 00:00:00
openvas
openvas
Microsoft Office Suite Remote Code Execution Vulnerabilities (3080790)
2015-08-12 00:00:00
Microsoft Office Multiple Remote Code Execution Vulnerabilities (3080790) - Mac OS X
2015-08-13 00:00:00
Microsoft Office Word Viewer Multiple Remote Code Execution Vulnerabilities (3080790)
2015-08-12 00:00:00
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2015-08-11 00:00:00
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption (MS15-081: CVE-2015-2477)
2015-08-11 00:00:00
Microsoft Office Component Use After Free (MS15-081: CVE-2015-1642)
2015-08-11 00:00:00
Microsoft Office Memory Corruption (MS15-081: CVE-2015-2467)
2015-08-11 00:00:00
symantec
symantec
Microsoft Office CVE-2015-2477 Memory Corruption Vulnerability
2015-08-11 00:00:00
Microsoft Office CVE-2015-2467 Memory Corruption Vulnerability
2015-08-11 00:00:00
Microsoft Office CVE-2015-1642 Memory Corruption Vulnerability
2015-08-11 00:00:00
prion
prion
Memory corruption
2015-08-15 00:59:00
Memory corruption
2015-08-15 00:59:00
Memory corruption
2015-08-15 00:59:00
cve
cve
CVE-2015-2467
2015-08-15 00:59:00
CVE-2015-1642
2015-08-15 00:59:00
CVE-2015-2468
2015-08-15 00:59:00
cisa_kev
cisa_kev
Microsoft Office Memory Corruption Vulnerability
2022-03-03 00:00:00
cvelist
cvelist
CVE-2015-1642
2015-08-15 00:00:00
CVE-2015-2467
2015-08-15 00:00:00
CVE-2015-2468
2015-08-15 00:00:00
attackerkb
attackerkb
CVE-2015-1642
2015-08-15 00:00:00
threatpost
threatpost
August 2015 Microsoft Patch Tuesday Security Bulletins
2015-08-11 14:56:53
kaspersky
kaspersky
KLA10648 Multiple vulnerabilities in Internet Explorer
2015-08-11 00:00:00
KLA10646 Multiple vulnerabilities in Microsoft Windows
2015-08-11 00:00:00
myhack58
myhack58
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.951 High

EPSS

Percentile

99.3%

JSON
Related for KLA10645
nessus4mskb3openvas12securityvulns2checkpoint_advisories7symantec8prion8cve8cisa_kev1cvelist8attackerkb1threatpost1kaspersky2myhack581