MS15-046: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple remote code execution
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Microsoft
Word, Microsoft Excel, Microsoft PowerPoint, SharePoint Server,
SharePoint Foundation Server, or Microsoft Office Web Apps installed
that is affected by multiple remote code execution vulnerabilities due
to improper handling of objects in memory. A remote attacker can
exploit these vulnerabilities by convincing a user to open a specially
crafted file, resulting in execution of arbitrary code in the context
of the current user.

See also :

https://technet.microsoft.com/library/security/ms15-046

Solution :

Microsoft has released a set of patches for Office 2007, Office 2010,
Office 2013, Word 2010, Word 2013, Excel 2010, Excel 2013, PowerPoint
2010, PowerPoint 2013, PowerPoint Viewer, SharePoint Server Foundation
2010, SharePoint Server 2013, and Office Web Apps.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 83416 ()

Bugtraq ID: 74481
74484

CVE ID: CVE-2015-1682
CVE-2015-1683

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now