Detections
Analytics
MS15-022: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
high Nessus Plugin ID 81757
Language:
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.Description
The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by multiple vulnerabilities :- Multiple remote code execution vulnerabilities exist due to incorrectly handling objects and rich text format files in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-0085, CVE-2015-0086, CVE-2015-0097)
- Multiple cross-site scripting vulnerabilities exist due to improperly sanitized requests to affected SharePoint servers. An authenticated attacker, via a specially crafted request, can exploit these vulnerabilities to execute script code in the security context of the current user. (CVE-2015-1633, CVE-2015-1636)
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, Office Compatibility Pack, Microsoft Word Viewer, Microsoft Excel Viewer, SharePoint Server, and Office Web Apps.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-022
Plugin Details
Severity: High
ID: 81757
File Name: smb_nt_ms15-022.nasl
Version: 1.13
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 3/11/2015
Updated: 2/16/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:office_compatibility_pack, cpe:/a:microsoft:word_viewer, cpe:/a:microsoft:office, cpe:/a:microsoft:excel_viewer
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/10/2015
Vulnerability Publication Date: 3/10/2015
Reference Information
CVE: CVE-2015-0085, CVE-2015-0086, CVE-2015-0097, CVE-2015-1633, CVE-2015-1636
BID: 72899, 72911, 72917, 72919, 72922
IAVA: 2015-A-0052-S
MSFT: MS15-022
MSKB: 2737989, 2760361, 2760508, 2760554, 2880473, 2881068, 2881078, 2883100, 2889839, 2899580, 2920731, 2920812, 2956069, 2956076, 2956103, 2956106, 2956107, 2956109, 2956136, 2956138, 2956139, 2956142, 2956143, 2956151, 2956153, 2956158, 2956163, 2956175, 2956180, 2956181, 2956183, 2956188, 2956189, 2956208, 2984939