MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)

The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Microsoft Word, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

  • A remote code execution vulnerability exists due to improper handling rich text format files in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user.

  • Multiple use-after-free errors exist due to improper parsing specially crafted Office files. A remote attacker can exploit these errors by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-1649, CVE-2015-1650, CVE-2015-1651)

"The remote host is affected by multiple remote code execution
"The remote Windows host has a version of Microsoft Office, Office
Compatibility Pack, Microsoft Word, Microsoft Word Viewer, SharePoint
Server, or Microsoft Office Web Apps installed that is affected by
multiple remote code execution vulnerabilities :

  - A remote code execution vulnerability exists due to
    improper handling rich text format files in memory. A
    remote attacker can exploit this vulnerability by
    convincing a user to open a specially crafted file using
    the affected software, resulting in execution of
    arbitrary code in the context of the current user.

  - Multiple use-after-free errors exist due to improper
    parsing specially crafted Office files. A remote
    attacker can exploit these errors by convincing a user
    to open a specially crafted file using the affected
    software, resulting in execution of arbitrary code in
    the context of the current user. (CVE-2015-1649,
    CVE-2015-1650, CVE-2015-1651)");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Office 2010, Word 2007,
2010, 2013, Office Compatibility Pack, Microsoft Word Viewer,
SharePoint Server, and Office Web Apps.");

