MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
High Nessus Plugin ID 82767
SynopsisAn application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.
DescriptionThe remote Mac OS X host has a version of Microsoft Word installed that is affected by multiple vulnerabilities :
- A cross-site scripting vulnerability exists due to improper sanitization of HTML strings. A remote attacker can exploit this issue by convincing a user to open a file or visit a website containing specially crafted content, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-1639)
- A remote code execution vulnerability exists due to improper handling rich text format files in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user.
SolutionMicrosoft has released a patch for Office for Mac 2011.