فا

‫ Microsoft Office Multiple Products Multiple Vulnerabilities

ID: IRCAD2015033810
Release Date: 2015-03-10
Criticality level: Highly critical
Software:
Microsoft Excel 2010
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2007
Microsoft Office Web Apps
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Office Word 2007
Microsoft Office Word Viewer
Microsoft PowerPoint 2007
Microsoft PowerPoint 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Windows SharePoint Services 3.x
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2013 RT
Description:
Multiple vulnerabilities have been reported in multiple Microsoft Office products, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) A use-after-free error when parsing Office files can be exploited to corrupt memory via a specially crafted Office file.
2) An error when handling Rich Text Format files can be exploited to corrupt memory via a specially crafted RTF file.
3) An error related to Local Zone when parsing Office files can be exploited to corrupt memory via a specially crafted Office file.
4) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Solution
Apply update.
References:
MS15-022 (KB3038999, KB2984939, KB2956103, KB2899580, KB2956109, KB2956076, KB2956138, KB2883100, KB2889839, KB2956142, KB2920812, KB2956139, KB2956151, KB2956163, KB2956188, KB2956189, KB2956107, KB2956106, KB2956136, KB2956143, KB2920731, KB2956069, KB2956158, KB2881068, KB2956208, KB2956175, KB2956183, KB2760508, KB2956180, KB2956153, KB2760554, KB2880473, KB2737989, KB2881078, KB2956181, KB2760361):
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 3 فروردین 1394

امتیاز

امتیاز شما
تعداد امتیازها:0