Microsoft Office Remote Code Execution Vulnerabilities

Last Update Date: 14 Aug 2015 Release Date: 12 Aug 2015 3773 Views

RISK: High Risk

TYPE: Clients - Productivity Products

Multiple Microsoft Office Memory Corruption Vulnerabilities
Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then, for example, take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.
Unsafe Command Line Parameter Passing Vulnerability
An information disclosure vulnerability exists in Microsoft Windows, Internet Explorer, and Microsoft Office when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM).
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly validate templates. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. Exploitation of this vulnerability requires that a user open a specially crafted template file with an affected version of Microsoft Office software.
Microsoft Office Integer Underflow Vulnerability
A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. Exploitation of this vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Office software.