Kaspersky LabKLA10675KLA10675 Multiple vulnerabilities in Microsoft Office
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.812 High
EPSS
Percentile
98.3%
Detect date:
10/13/2015
Severity:
High
Description:
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code or obtain sensitive information.
Affected products:
Microsoft Excel 2007 Service Pack 3
Microsoft Visio 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Visio 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel 2016 for Mac
Microsoft Excel Viewer
Microsoft Office Compatibility Pack Service Pack 3
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
Excel Services on Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft SharePoint Foundation 2013 Service Pack 1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2015-2555
CVE-2015-6039
CVE-2015-6037
CVE-2015-2557
CVE-2015-2556
CVE-2015-2558
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-25559.3Critical
CVE-2015-60393.5Warning
CVE-2015-60373.5Warning
CVE-2015-25579.3Critical
CVE-2015-25564.3Warning
CVE-2015-25589.3Critical
Microsoft official advisories:
KB list:
3085571
3085514
3085595
3085619
3085618
3085609
3085615
2596670
3085542
3085567
3085583
3085568
3054994
3085596
3085582
3096440
3097266
2553405
3097264
3085520
2920693
References
support.microsoft.com/kb/2553405
support.microsoft.com/kb/2596670
support.microsoft.com/kb/2920693
support.microsoft.com/kb/3054994
support.microsoft.com/kb/3085514
support.microsoft.com/kb/3085520
support.microsoft.com/kb/3085542
support.microsoft.com/kb/3085567
support.microsoft.com/kb/3085568
support.microsoft.com/kb/3085571
support.microsoft.com/kb/3085582
support.microsoft.com/kb/3085583
support.microsoft.com/kb/3085595
support.microsoft.com/kb/3085596
support.microsoft.com/kb/3085609
support.microsoft.com/kb/3085615
support.microsoft.com/kb/3085618
support.microsoft.com/kb/3085619
support.microsoft.com/kb/3096440
support.microsoft.com/kb/3097264
support.microsoft.com/kb/3097266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6039
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2555
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2556
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2557
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2558
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6037
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6039
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
threats.kaspersky.com/en/product/Microsoft-Visio-2010/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.812 High
EPSS
Percentile
98.3%