MS15-012: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple remote code execution
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Office
Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer,
SharePoint Server, or Microsoft Office Web Apps that is affected by
one or more remote code execution vulnerabilities due to Microsoft
Word and Microsoft Excel improperly handling objects in memory. A
remote attacker can exploit these vulnerabilities by convincing a user
to open a specially crafted Office file, resulting in execution of
arbitrary code in the context of the current user.

See also :

https://technet.microsoft.com/library/security/ms15-012

Solution :

Microsoft has released a set of patches for Office 2007, 2010, 2013,
Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel
Viewer, SharePoint Server, and Office Web Apps.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 81265 ()

Bugtraq ID: 72460
72463
72465

CVE ID: CVE-2015-0063
CVE-2015-0064
CVE-2015-0065

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now