en

‫ Microsoft Office Multiple Products Cross-Site Scripting and Multiple Memory Corruption Vulnerabilities

ID: IRCAD2015043880
Release Date: 2015-04-14
Criticality level: Highly critical
Software:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office for Mac 2011
Microsoft Office Web Apps
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Office Word 2007
Microsoft Office Word Viewer
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2013 RT
Description:
Multiple vulnerabilities have been reported in multiple Microsoft Office products, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) An unspecified error can be exploited to corrupt memory via a specially crafted file.
Note: Reportedly, this vulnerability is currently exploited in limited targeted attacks.
2) A use-after-free error can be exploited to corrupt memory.
3) Another use-after-free error can be exploited to corrupt memory.
4) Another use-after-free error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #1 through #4 allows execution of arbitrary code.
5) An error within Microsoft Outlook for Mac can be exploited to conduct cross-site scripting attacks.
Solution
Apply updates.
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
References:
Microsoft (KB3048019, KB2965284, KB2965236, KB2553428, KB2965224, KB3055707, KB3051737, KB2965289, KB2965210, KB2553164, KB2965215, KB2965238, KB2965306):
Secunia:
 

The Wall

No comments
You need to sign in to comment