MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

High Nessus Plugin ID 85350

Synopsis

The remote Windows host is affected by multiple remote code execution vulnerabilities.

Description

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-1642, CVE-2015-2467, CVE-2015-2468, CVE-2015-2469, CVE-2015-2477)

- An information disclosure vulnerability exists when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
(CVE-2015-2423)

- A remote code execution vulnerability exists due a failure to properly validate templates. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted template file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2466)

- A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2470)

Solution

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2010, SharePoint Server 2013, Microsoft Office Compatibility Pack, Microsoft Word Web Apps 2010, and Microsoft Office Web Apps 2013.

See Also

https://technet.microsoft.com/library/security/ms15-081

Plugin Details

Severity: High

ID: 85350

File Name: smb_nt_ms15-081.nasl

Version: 1.16

Type: local

Agent: windows

Published: 2015/08/12

Modified: 2018/08/03

Dependencies: 27524, 13855, 74250, 84669, 57033

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:word, cpe:/a:microsoft:word_viewer, cpe:/a:microsoft:excel, cpe:/a:microsoft:powerpoint, cpe:/a:microsoft:visio, cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:office_compatibility_pack

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/08/11

Vulnerability Publication Date: 2015/08/11

Reference Information

CVE: CVE-2015-1642, CVE-2015-2423, CVE-2015-2466, CVE-2015-2467, CVE-2015-2468, CVE-2015-2469, CVE-2015-2470, CVE-2015-2477

BID: 76200, 76202, 76204, 76206, 76212, 76214, 76217, 76219