MS15-070: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Microsoft
Word, Microsoft Excel, Microsoft PowerPoint, SharePoint Server, or
Microsoft Office Compatibility Pack installed that is affected by
multiple vulnerabilities :

- An ASLR bypass vulnerability exists in Microsoft Excel
due to memory being released in an unintended manner. A
remote attacker can exploit this by convincing a user to
open a specially crafted Excel (.xls) file, allowing the
attacker to more reliably predict the memory offsets of
specific instructions in a given call stack. The
attacker can then utilize this information to more
easily exploit additional vulnerabilities.
(CVE-2015-2375)

- Multiple remote code execution vulnerabilities exist
due to improper handling of objects in memory. A remote
attacker can exploit these vulnerabilities by convincing
a user to open a specially crafted file, resulting in
the execution of arbitrary code in the context of the
current user. (CVE-2015-2376, CVE-2015-2377,
CVE-2015-2379, CVE-2015-2380, CVE-2015-2415,
CVE-2015-2424)

- A remote code execution vulnerability exists in
Microsoft excel due to improper handling of the loading
of dynamic link library (DLL) files. A remote attacker
can exploit this vulnerability by placing a specially
crafted DLL file in the user's current working directory
and then convincing the user to launch a program
designed to load the DLL, resulting in the execution of
arbitrary code in the context of the current user.
(CVE-2015-2378)

See also :

https://technet.microsoft.com/library/security/ms15-070

Solution :

Microsoft has released a set of patches for Office 2007. Office 2010,
Office 2013, Word 2007, Word 2010, Word 2013, Excel 2007, Excel 2010,
Excel 2013, PowerPoint 2007, PowerPoint 2010, PowerPoint 2013, Excel
Viewer, Word Viewer, Office Compatibility Pack, SharePoint Server
2007, SharePoint Server 2010, and SharePoint Server 2013.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 84739 ()

Bugtraq ID:

CVE ID: CVE-2015-2375
CVE-2015-2376
CVE-2015-2377
CVE-2015-2378
CVE-2015-2379
CVE-2015-2380
CVE-2015-2415
CVE-2015-2424

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now