CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-022 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999) | Microsoft Office | Critical | 11-03-2015 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.
Detailed Information on the risk:
Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
Further information on this exploit is available at : MS15-022
Microsoft Office 2010
Microsoft Office 2013
Microsoft Word Viewer
Microsoft Excel Viewer
Affected Software
Microsoft Office 2007Microsoft Office 2010
Microsoft Office 2013
Microsoft Word Viewer
Microsoft Excel Viewer