- Home
- CVEs with nessus.description==The remote Windows host has a version of Microsoft Office, Word, Word
Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office
Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web
Apps installed that is affected by multiple remote code execution
vulnerabilities :
- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. A remote
attacker can exploit these vulnerabilities by convincing
a user to open a specially crafted Office file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-1642,
CVE-2015-2467, CVE-2015-2468, CVE-2015-2469,
CVE-2015-2477)
- An information disclosure vulnerability exists when
files at a medium integrity level become accessible to
Internet Explorer running in Enhanced Protection Mode
(EPM). An attacker can exploit this vulnerability by
leveraging another vulnerability to execute code in IE
with EPM, and then executing Excel, Notepad, PowerPoint,
Visio, or Word using an unsafe command line parameter.
(CVE-2015-2423)
- A remote code execution vulnerability exists due a
failure to properly validate templates. A remote
attacker can exploit this vulnerability by convincing a
user to open a specially crafted template file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-2466)
- A remote code execution vulnerability exists when Office
decreases an integer value beyond its intended minimum
value. A remote attacker can exploit this vulnerability
by convincing a user to open a specially crafted Office
file, resulting in the execution of arbitrary code in
the context of the current user. (CVE-2015-2470)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top