MS15-099: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple remote code execution
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Excel,
Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack,
Microsoft Office Web Apps, and/or Microsoft SharePoint Foundation
installed that is affected by one or more of the following
vulnerabilities :

- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. A remote
attacker can exploit these vulnerabilities by convincing
a user to open a specially crafted file in Microsoft
Office, resulting in execution of arbitrary code in the
context of the current user. (CVE-2015-2520,
CVE-2015-2521, CVE-2015-2523)

- A cross-site scripting vulnerability exists in
SharePoint due to improper sanitization of user-supplied
web requests. A remote attacker can exploit this
vulnerability, via a specially crafted web request, to
execute arbitrary script code in the context of the
current user. (CVE-2015-2522)

- A remote code execution vulnerability exists in
Microsoft Office due to improper handling of malformed
graphics images. A remote attacker can exploit this
vulnerability by convincing a user to open a file or
visit a website containing a specially crafted EPS image
binary, resulting in execution of arbitrary code in the
context of the current user. (CVE-2015-2545)

See also :

https://technet.microsoft.com/library/security/ms15-099

Solution :

Microsoft has released a set of patches for Office 2007, 2010, 2013,
2013 RT, 2016, SharePoint Server 2013, Microsoft Office Compatibility
Pack, and Microsoft Office Web Apps 2013.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 85879 ()

Bugtraq ID: 76561
76562
76564
76588
76667

CVE ID: CVE-2015-2520
CVE-2015-2521
CVE-2015-2522
CVE-2015-2523
CVE-2015-2545

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now