Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

  - Multiple remote code execution vulnerabilities exist due     to improper handling of objects in memory. A remote     attacker can exploit these vulnerabilities by convincing     a user to open a specially crafted Office file,     resulting in the execution of arbitrary code in the     context of the current user. (CVE-2015-1642,     CVE-2015-2467, CVE-2015-2468, CVE-2015-2469,     CVE-2015-2477)

  - An information disclosure vulnerability exists when     files at a medium integrity level become accessible to     Internet Explorer running in Enhanced Protection Mode     (EPM). An attacker can exploit this vulnerability by     leveraging another vulnerability to execute code in IE     with EPM, and then executing Excel, Notepad, PowerPoint,     Visio, or Word using an unsafe command line parameter.
    (CVE-2015-2423)

  - A remote code execution vulnerability exists due a     failure to properly validate templates. A remote     attacker can exploit this vulnerability by convincing a     user to open a specially crafted template file,     resulting in the execution of arbitrary code in the     context of the current user. (CVE-2015-2466)

  - A remote code execution vulnerability exists when Office     decreases an integer value beyond its intended minimum     value. A remote attacker can exploit this vulnerability     by convincing a user to open a specially crafted Office     file, resulting in the execution of arbitrary code in     the context of the current user. (CVE-2015-2470)

The remote Windows host is affected by an information disclosure vulnerability when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.

The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3082442. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.

Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3082442 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.

ID	Name	Product	Family	Severity
85350	MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)	Nessus	Windows : Microsoft Bulletins	high
85334	MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)	Nessus	Windows : Microsoft Bulletins	medium
85333	MS15-079: Cumulative Security Update for Internet Explorer (3082442)	Nessus	Windows : Microsoft Bulletins	high

Detections

Analytics

CVE-2015-2423

low

Tenable Plugins

high

medium

high