| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-081 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) | Microsoft Office | Critical | 12-08-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
Detailed Information on the risk:
Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then, for example, take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.
Microsoft Office 2007 Service Pack 3Further information on this exploit is available at : MS15-081
Microsoft PowerPoint 2007 Service Pack 3
Microsoft Visio 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Affected Software
Microsoft Office 2007 Service Pack 3Microsoft PowerPoint 2007 Service Pack 3
Microsoft Visio 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)