SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Office Vendors:   Microsoft
Microsoft Office Object Handling Errors in Excel and Word Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1031720
SecurityTracker URL:  http://securitytracker.com/id/1031720
CVE Reference:   CVE-2015-0063, CVE-2015-0064, CVE-2015-0065   (Links to External Site)
Date:  Feb 10 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Excel 2007, 2010, 2013; Word 2007, 2010; Office 2010; Web Applications 2010; Word Viewer; Excel Viewer; and Office Compatibility Pack.
Description:   Three vulnerabilities were reported in Microsoft Office. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Office file that, when loaded by the target user, will trigger an object memory handling flaw in Microsoft Excel and execute arbitrary code on the target system [CVE-2015-0063]. The code will run with the privileges of the target user.

A remote user can create a specially crafted Office file that, when loaded by the target user, will trigger an object memory handling flaw in Microsoft Word and execute arbitrary code on the target system [CVE-2015-0064]. The code will run with the privileges of the target user.

A remote user can create a specially crafted Office file that, when loaded by the target user, will trigger an object memory handling flaw in OneTableDocumentStream() in Microsoft Word and execute arbitrary code on the target system [CVE-2015-0065]. The code will run with the privileges of the target user.

Fermin J. Serna of the Google Security Team and Ben Hawkes of the Google Security Team reported these vulnerabilities.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Excel 2007 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=FE99FA55-56F5-4108-9976-CA746A338571

Microsoft Word 2007 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=ABA01170-0205-465B-B1D8-ED763828AB0F

Microsoft Office 2010 Service Pack 2 (32-bit editions) (proofing tools):

http://www.microsoft.com/downloads/details.aspx?familyid=BC0C6F4D-EDCB-4444-9351-4D3A0133E3D8

Microsoft Office 2010 Service Pack 2 (64-bit editions) (proofing tools):

http://www.microsoft.com/downloads/details.aspx?familyid=AEA87990-ADF0-416C-BCEC-E65401E2E82F

Microsoft Office 2010 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=D29D3C73-9C37-4554-A756-DC85F83D664C

Microsoft Office 2010 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=F9236FCE-9CD0-488C-9426-4E01BD178E01

Microsoft Excel 2010 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=12919000-61F1-474A-808C-3868B14CCF13

Microsoft Excel 2010 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=08DA48EE-4E48-4206-9279-97934A0973D4

Microsoft Word 2010 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=8476EFB5-9749-4B34-AE11-B15D85577FF4

Microsoft Word 2010 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=121E36D1-CA5E-43E0-96BC-345791E27990

Microsoft Excel 2013 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=10DC1B3D-C2EC-43EF-B38B-E72690F60794

Microsoft Excel 2013 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=6FF533C7-D697-4954-BC91-53D18197EE54

Microsoft Excel 2013 Service Pack 1 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=10DC1B3D-C2EC-43EF-B38B-E72690F60794

Microsoft Excel 2013 Service Pack 1 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=6FF533C7-D697-4954-BC91-53D18197EE54

Microsoft Word Viewer:

http://www.microsoft.com/downloads/details.aspx?familyid=54B740F6-475C-459B-9DC7-7E2161073C01

Microsoft Excel Viewer:

http://www.microsoft.com/downloads/details.aspx?familyid=EC37B96C-4341-4EF0-8175-65AA015CAB2A

Microsoft Office Compatibility Pack Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=9A286D96-7A64-4E02-ABF9-A910990B8B45

Microsoft Office Compatibility Pack Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=711D3452-FC98-44C1-8CB2-9168083FA2DC

Word Automation Services:

http://www.microsoft.com/downloads/details.aspx?familyid=8c85e60e-c1a2-41d5-a38a-4eac00e84666

Microsoft Web Applications 2010 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5A7503C8-AECA-4C71-92C0-77BB2489DA80

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-012

Vendor URL:  technet.microsoft.com/library/security/ms15-012 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC