MS15-116: Security Updates for Microsoft Office to Address Remote Code Execution (3104540) (Mac OS X)
High Nessus Plugin ID 86817
SynopsisAn application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.
DescriptionThe version of Microsoft Office installed on the remote Mac OS X host is affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-6038, CVE-2015-6094)
- A spoofing vulnerability exists in Microsoft Outlook for Mac due to improper sanitization of HTML content. A remote attacker can exploit this, via a crafted email, to spoof content or to chain an attack to other vulnerabilities in web services. (CVE-2015-6123)
SolutionMicrosoft has released patches for Office for Mac 2011 and for Office 2016 for Mac.