Microsoft Outlook for Mac CVE-2015-6123 Spoofing Vulnerability
2015-11-10T00:00:00
ID SMNTC-77525 Type symantec Reporter Symantec Security Response Modified 2015-11-10T00:00:00
Description
Description
Microsoft Outlook for Mac is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.
Technologies Affected
Microsoft Excel 2016 for Mac
Microsoft Excel for Mac 2011
Microsoft Office for Mac 2011
Microsoft Office for Mac 2016
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Do not follow links provided by unknown or untrusted sources.
Never follow links provided by unknown or untrusted sources.
Set web browser security to disable the execution of script code or active content.
Since a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.
Updates are available. Please see the references or vendor advisory for more information.
{"hash": "bd0cf3de1aff2cfcebf28fb3380b51c92d48b29c35f8ff1b3bb05622ee67f9c5", "id": "SMNTC-77525", "lastseen": "2018-03-14T22:40:20", "viewCount": 2, "hashmap": [{"hash": "4f062fe56cc5484dfa14bedf9b591445", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "9544b72122f97e159263e66c489b9cc2", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "129be1a040119f8975d4f9fe311bc477", "key": "description"}, {"hash": "5f7dd6aa3756101a67e6477e119a4726", "key": "href"}, {"hash": "eb9732580dc8b0dc3512e862ab73e1f8", "key": "modified"}, {"hash": "eb9732580dc8b0dc3512e862ab73e1f8", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "d8d049ec17873646fe1a0f4b943a2332", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}], "bulletinFamily": "software", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "edition": 2, "enchantments": {"score": {"value": 4.7, "vector": "NONE", "modified": "2018-03-14T22:40:20"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-6123"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310806705"]}, {"type": "nessus", "idList": ["MACOSX_MS15-116_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA10696"]}], "modified": "2018-03-14T22:40:20"}, "vulnersScore": 4.7}, "type": "symantec", "description": "### Description\n\nMicrosoft Outlook for Mac is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.\n\n### Technologies Affected\n\n * Microsoft Excel 2016 for Mac \n * Microsoft Excel for Mac 2011 \n * Microsoft Office for Mac 2011 \n * Microsoft Office for Mac 2016 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nNever follow links provided by unknown or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nSince a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "title": "Microsoft Outlook for Mac CVE-2015-6123 Spoofing Vulnerability", "history": [{"bulletin": {"hash": "d216b36eb282a33aa536673cac2c4667a0dfdd92c37b9e926ff7567c1f62173e", "viewCount": 0, "edition": 1, "lastseen": "2016-09-04T11:41:18", "history": [], "objectVersion": "1.2", "hashmap": [{"hash": "a5c052cbd30ec090ea2027a62cf60f87", "key": "affectedSoftware"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "dcb82832d815041d95bcfb94538373b6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d8d049ec17873646fe1a0f4b943a2332", "key": "title"}, {"hash": "ee6a0b3622ff10d3a1cca56f03e3f484", "key": "description"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "9544b72122f97e159263e66c489b9cc2", "key": "cvelist"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "eb9732580dc8b0dc3512e862ab73e1f8", "key": "published"}, {"hash": "eb9732580dc8b0dc3512e862ab73e1f8", "key": "modified"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}], "cvelist": ["CVE-2015-6123"], "bulletinFamily": "software", "published": "2015-11-10T00:00:00", "description": "### Description\n\nMicrosoft Outlook for Mac is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. \n\n### Technologies Affected\n\n * Microsoft Excel 2016 for Mac\n * Microsoft Excel for Mac 2011\n * Microsoft Office for Mac 2011\n * Microsoft Office for Mac 2016\n\n### Recommendations\n\n#### Run all software as a nonprivileged user with minimal access rights.\n\nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n#### Deploy network intrusion detection systems to monitor network traffic for malicious activity.\n\nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n#### Do not follow links provided by unknown or untrusted sources.\n\nNever follow links provided by unknown or untrusted sources.\n\n#### Set web browser security to disable the execution of script code or active content.\n\nSince a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code. \n\nUpdates are available. Please see the references or vendor advisory for more information. \n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "id": "SMNTC-77525", "reporter": "Symantec Security Response", "references": [], "affectedSoftware": [{"version": "2016", "name": "Microsoft Office for Mac", "operator": "eq"}, {"version": "2011", "name": "Microsoft Office for Mac", "operator": "eq"}, {"version": "Mac", "name": "Microsoft Excel 2016 for", "operator": "eq"}, {"version": "2011", "name": "Microsoft Excel for Mac", "operator": "eq"}], "title": "Microsoft Outlook for Mac CVE-2015-6123 Spoofing Vulnerability", "modified": "2015-11-10T00:00:00", "enchantments": {"score": {"value": 2.6, "modified": "2016-09-04T11:41:18"}}, "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=77525", "type": "symantec"}, "lastseen": "2016-09-04T11:41:18", "edition": 1, "differentElements": ["description", "href", "affectedSoftware"]}], "objectVersion": "1.3", "cvelist": ["CVE-2015-6123"], "published": "2015-11-10T00:00:00", "references": [], "reporter": "Symantec Security Response", "affectedSoftware": [{"version": "2016 ", "name": "Microsoft Office for Mac", "operator": "eq"}, {"version": "2011 ", "name": "Microsoft Office for Mac", "operator": "eq"}, {"version": "2011 ", "name": "Microsoft Excel for Mac", "operator": "eq"}, {"version": "2016 for Mac ", "name": "Microsoft Excel", "operator": "eq"}], "modified": "2015-11-10T00:00:00", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/77525"}
{"cve": [{"lastseen": "2019-05-29T18:14:43", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka \"Microsoft Outlook for Mac Spoofing Vulnerability.\"", "modified": "2018-10-12T22:10:00", "id": "CVE-2015-6123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6123", "published": "2015-11-11T12:59:00", "title": "CVE-2015-6123", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS15-116", "modified": "2019-05-20T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310806705", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806705", "title": "Microsoft Office Multiple Vulnerabilities-3104540 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Multiple Vulnerabilities-3104540 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806705\");\n script_version(\"2019-05-20T11:12:48+0000\");\n script_cve_id(\"CVE-2015-6038\", \"CVE-2015-6094\", \"CVE-2015-6123\");\n script_bugtraq_id(77489, 77490);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:32:31 +0530 (Tue, 24 Nov 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Office Multiple Vulnerabilities-3104540 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS15-116\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Improper handling of files and objects in the memory.\n\n - Insufficient sanitization of user supplied input by Outlook for Mac.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, conduct spoofing attacks, perform unauthorized\n actions and some other attacks.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2011 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3102924\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-116\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noffVer = get_kb_item(\"MS/Office/MacOSX/Ver\");\n\nif(!offVer || offVer !~ \"^14\\.\"){\n exit(0);\n}\n\nif(version_in_range(version:offVer, test_version:\"14.0\", test_version2:\"14.5.7\"))\n{\n report = 'File version: ' + offVer + '\\n' +\n 'Vulnerable range: 14.0 - 14.5.7' + '\\n' ;\n security_message(data:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:54:25", "bulletinFamily": "scanner", "description": "The version of Microsoft Office installed on the remote Mac OS X host\nis affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist due\n to improper handling of objects in memory. A remote\n attacker can exploit these vulnerabilities by convincing\n a user to open a specially crafted Office file,\n resulting in execution of arbitrary code in the context\n of the current user. (CVE-2015-6038, CVE-2015-6094)\n\n - A spoofing vulnerability exists in Microsoft Outlook for\n Mac due to improper sanitization of HTML content. A\n remote attacker can exploit this, via a crafted email,\n to spoof content or to chain an attack to other\n vulnerabilities in web services. (CVE-2015-6123)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_MS15-116_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/86817", "published": "2015-11-10T00:00:00", "title": "MS15-116: Security Updates for Microsoft Office to Address Remote Code Execution (3104540) (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86817);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\"CVE-2015-6038\", \"CVE-2015-6094\", \"CVE-2015-6123\");\n script_xref(name:\"MSFT\", value:\"MS15-116\");\n script_xref(name:\"IAVA\", value:\"2015-A-0272\");\n script_xref(name:\"MSKB\", value:\"3102924\");\n script_xref(name:\"MSKB\", value:\"3102925\");\n\n script_name(english:\"MS15-116: Security Updates for Microsoft Office to Address Remote Code Execution (3104540) (Mac OS X)\");\n script_summary(english:\"Checks the version of Microsoft Office.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Office installed on the remote Mac OS X host\nis affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist due\n to improper handling of objects in memory. A remote\n attacker can exploit these vulnerabilities by convincing\n a user to open a specially crafted Office file,\n resulting in execution of arbitrary code in the context\n of the current user. (CVE-2015-6038, CVE-2015-6094)\n\n - A spoofing vulnerability exists in Microsoft Outlook for\n Mac due to improper sanitization of HTML content. A\n remote attacker can exploit this, via a crafted email,\n to spoof content or to chain an attack to other\n vulnerabilities in web services. (CVE-2015-6123)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/ms15-116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released patches for Office for Mac 2011 and for Office\n2016 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2011:mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2016:mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_for_mac:2011\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_for_mac:2016\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\");\n script_require_ports(\"installed_sw/Office for Mac 2011\", \"installed_sw/Microsoft Outlook\", \"installed_sw/Microsoft Excel\", \"installed_sw/Microsoft Word\", \"installed_sw/Microsoft PowerPoint\", \"installed_sw/Microsoft OneNote\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n# Office 2011\napps = make_list(\n \"Office for Mac 2011\",\n \"Microsoft Outlook\",\n \"Microsoft Excel\",\n \"Microsoft Word\",\n \"Microsoft PowerPoint\",\n \"Microsoft OneNote\"\n);\n\nreport = \"\";\n\nforeach app (apps)\n{\n installs = get_installs(app_name:app);\n if (isnull(installs[1])) continue;\n foreach install (installs[1])\n {\n version = install['version'];\n path = install['path'];\n\n if (version =~ \"^14\\.\") fix = '14.5.8';\n else fix = '15.16';\n\n if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Product : ' + app +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix;\n\n os = get_kb_item(\"Host/MacOSX/Version\");\n\n if (os =~ \"^Mac OS X 10\\.[0-9](\\.|$)\" && app != \"Office for Mac 2011\")\n report += '\\n Note : Update will require Mac OS X 10.10.0 or later.\\n';\n else report += '\\n';\n }\n }\n}\n\n# Report findings.\nif (!empty(report))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:24", "bulletinFamily": "info", "description": "### *Detect date*:\n11/10/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges or execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Office 2007 Service Pack 3 \nMicrosoft Office 2010 Service Pack 2 \nMicrosoft Pinyin IME 2010 \nMicrosoft Office 2013 Service Pack 1 \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2016 \nMicrosoft Excel 2011 for Mac \nMicrosoft Excel 2016 for Mac \nMicrosoft Office Compatibility Pack Service Pack 3 \nMicrosoft Excel Viewer \nMicrosoft Word Viewer \nMicrosoft SharePoint Server 2007 Service Pack 3 \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoint Server 2013 Service Pack 1 \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nSkype for Business 2016 \nMicrosoft Lync 2013 Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-6091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6091>) \n[CVE-2015-6092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6092>) \n[CVE-2015-6093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6093>) \n[CVE-2015-6094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6094>) \n[CVE-2015-6038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6038>) \n[CVE-2015-2503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2503>) \n[CVE-2015-6123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6123>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2015-6091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6091>)9.3High \n[CVE-2015-6092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6092>)9.3High \n[CVE-2015-6093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6093>)9.3High \n[CVE-2015-6094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6094>)9.3High \n[CVE-2015-6038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6038>)9.3High \n[CVE-2015-2503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2503>)9.3High \n[CVE-2015-6123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6123>)4.3High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3085634](<http://support.microsoft.com/kb/3085634>) \n[3101496](<http://support.microsoft.com/kb/3101496>) \n[3101559](<http://support.microsoft.com/kb/3101559>) \n[3101514](<http://support.microsoft.com/kb/3101514>) \n[2899516](<http://support.microsoft.com/kb/2899516>) \n[3101510](<http://support.microsoft.com/kb/3101510>) \n[3101513](<http://support.microsoft.com/kb/3101513>) \n[3101512](<http://support.microsoft.com/kb/3101512>) \n[3085614](<http://support.microsoft.com/kb/3085614>) \n[3085594](<http://support.microsoft.com/kb/3085594>) \n[2687406](<http://support.microsoft.com/kb/2687406>) \n[3101555](<http://support.microsoft.com/kb/3101555>) \n[3101554](<http://support.microsoft.com/kb/3101554>) \n[3101367](<http://support.microsoft.com/kb/3101367>) \n[3101364](<http://support.microsoft.com/kb/3101364>) \n[3101365](<http://support.microsoft.com/kb/3101365>) \n[3101360](<http://support.microsoft.com/kb/3101360>) \n[3102925](<http://support.microsoft.com/kb/3102925>) \n[3054793](<http://support.microsoft.com/kb/3054793>) \n[3102924](<http://support.microsoft.com/kb/3102924>) \n[2889915](<http://support.microsoft.com/kb/2889915>) \n[3101507](<http://support.microsoft.com/kb/3101507>) \n[3085511](<http://support.microsoft.com/kb/3085511>) \n[3085552](<http://support.microsoft.com/kb/3085552>) \n[3085551](<http://support.microsoft.com/kb/3085551>) \n[2910978](<http://support.microsoft.com/kb/2910978>) \n[3085477](<http://support.microsoft.com/kb/3085477>) \n[2920680](<http://support.microsoft.com/kb/2920680>) \n[2920726](<http://support.microsoft.com/kb/2920726>) \n[3101529](<http://support.microsoft.com/kb/3101529>) \n[3101543](<http://support.microsoft.com/kb/3101543>) \n[3101525](<http://support.microsoft.com/kb/3101525>) \n[3101526](<http://support.microsoft.com/kb/3101526>) \n[3101553](<http://support.microsoft.com/kb/3101553>) \n[3101506](<http://support.microsoft.com/kb/3101506>) \n[2880506](<http://support.microsoft.com/kb/2880506>) \n[3101359](<http://support.microsoft.com/kb/3101359>) \n[3101564](<http://support.microsoft.com/kb/3101564>) \n[3101499](<http://support.microsoft.com/kb/3101499>) \n[3104540](<http://support.microsoft.com/kb/3104540>) \n[2965313](<http://support.microsoft.com/kb/2965313>) \n[3101558](<http://support.microsoft.com/kb/3101558>) \n[3101544](<http://support.microsoft.com/kb/3101544>) \n[3101509](<http://support.microsoft.com/kb/3101509>) \n[3054978](<http://support.microsoft.com/kb/3054978>) \n[3101371](<http://support.microsoft.com/kb/3101371>) \n[3101370](<http://support.microsoft.com/kb/3101370>) \n[2920698](<http://support.microsoft.com/kb/2920698>) \n[2878230](<http://support.microsoft.com/kb/2878230>) \n[3085584](<http://support.microsoft.com/kb/3085584>) \n[2596614](<http://support.microsoft.com/kb/2596614>) \n[2596770](<http://support.microsoft.com/kb/2596770>) \n[3085548](<http://support.microsoft.com/kb/3085548>) \n[3101560](<http://support.microsoft.com/kb/3101560>) \n[3085561](<http://support.microsoft.com/kb/3085561>) \n[3101521](<http://support.microsoft.com/kb/3101521>) \n[3101533](<http://support.microsoft.com/kb/3101533>) \n[2899473](<http://support.microsoft.com/kb/2899473>) \n[2817478](<http://support.microsoft.com/kb/2817478>)", "modified": "2019-03-07T00:00:00", "published": "2015-11-10T00:00:00", "id": "KLA10696", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10696", "title": "\r KLA10696Multiple vulnerabilities in Microsoft Office ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
