Multiple Microsoft Products CVE-2015-2423 Local Information Disclosure Vulnerability

Description

Multiple Microsoft products are prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Technologies Affected

• Microsoft Excel 2007 SP3
• Microsoft Excel 2010 SP2 (32-bit editions)
• Microsoft Excel 2010 SP2 (64-bit editions)
• Microsoft Excel 2013 RT Service Pack 1
• Microsoft Excel 2013 Service Pack 1 (32-bit editions)
• Microsoft Excel 2013 Service Pack 1 (64-bit editions)
• Microsoft Excel Viewer 2007 Service Pack 3
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8
• Microsoft Internet Explorer 9
• Microsoft Office 2010 (32-bit edition) SP2
• Microsoft Office 2010 (64-bit edition) SP2
• Microsoft Office Web Apps Server 2013 SP1
• Microsoft PowerPoint 2007 SP3
• Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
• Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
• Microsoft PowerPoint 2013 RT Service Pack 1
• Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
• Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
• Microsoft Visio 2007 SP3
• Microsoft Visio 2010 Service Pack 2 (32-bit editions)
• Microsoft Visio 2010 Service Pack 2 (64-bit edititions)
• Microsoft Visio 2013 Service Pack 1 (32-bit editions)
• Microsoft Visio 2013 Service Pack 1 (64-bit editions)
• Microsoft Windows 10 for 32-bit Systems
• Microsoft Windows 10 for x64-based Systems
• Microsoft Windows 7 for 32-bit Systems SP1
• Microsoft Windows 7 for x64-based Systems SP1
• Microsoft Windows 8 for 32-bit Systems
• Microsoft Windows 8 for x64-based Systems
• Microsoft Windows 8.1 for 32-bit Systems
• Microsoft Windows 8.1 for x64-based Systems
• Microsoft Windows RT 8.1
• Microsoft Windows RT
• Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
• Microsoft Windows Server 2008 R2 for x64-based Systems SP1
• Microsoft Windows Server 2008 for 32-bit Systems SP2
• Microsoft Windows Server 2008 for Itanium-based Systems SP2
• Microsoft Windows Server 2008 for x64-based Systems R2
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
• Microsoft Windows Vista Service Pack 2
• Microsoft Windows Vista x64 Edition Service Pack 2
• Microsoft Word 2007 SP3
• Microsoft Word 2010 Service Pack 2 (32-bit editions)
• Microsoft Word 2010 Service Pack 2 (64-bit editions)
• Microsoft Word 2013 RT Service Pack 1
• Microsoft Word 2013 Service Pack 1 (32-bit editions)
• Microsoft Word 2013 Service Pack 1 (64-bit editions)
• Microsoft Word Automation Services on Microsoft SharePoint Server 2010 SP1
• Microsoft Word Automation Services on Microsoft SharePoint Server 2010 SP2
• Microsoft Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1
• Microsoft Word Web Apps 2010 Service Pack 2

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted individuals to have user accounts and local access to the resources.

Updates are available. Please see the references or vendor advisory for more information.