MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple remote code execution
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Word, Word
Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office
Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web
Apps installed that is affected by multiple remote code execution
vulnerabilities :

- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. A remote
attacker can exploit these vulnerabilities by convincing
a user to open a specially crafted Office file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-1642,
CVE-2015-2467, CVE-2015-2468, CVE-2015-2469,
CVE-2015-2477)

- An information disclosure vulnerability exists when
files at a medium integrity level become accessible to
Internet Explorer running in Enhanced Protection Mode
(EPM). An attacker can exploit this vulnerability by
leveraging another vulnerability to execute code in IE
with EPM, and then executing Excel, Notepad, PowerPoint,
Visio, or Word using an unsafe command line parameter.
(CVE-2015-2423)

- A remote code execution vulnerability exists due a
failure to properly validate templates. A remote
attacker can exploit this vulnerability by convincing a
user to open a specially crafted template file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-2466)

- A remote code execution vulnerability exists when Office
decreases an integer value beyond its intended minimum
value. A remote attacker can exploit this vulnerability
by convincing a user to open a specially crafted Office
file, resulting in the execution of arbitrary code in
the context of the current user. (CVE-2015-2470)

See also :

https://technet.microsoft.com/library/security/ms15-081

Solution :

Microsoft has released a set of patches for Office 2007, 2010, 2013,
2013 RT, 2016, SharePoint Server 2010, SharePoint Server 2013,
Microsoft Office Compatibility Pack, Microsoft Word Web Apps 2010, and
Microsoft Office Web Apps 2013.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now