Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181) |
Informations | |||
---|---|---|---|
Name | MS15-046 | First vendor Publication | 2015-05-12 |
Vendor | Microsoft | Last vendor Modification | 2015-10-13 |
Severity (Vendor) | Important | Revision | 4.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Severity Rating: Important |
Original Source
Url : https://technet.microsoft.com/en-us/library/security/MS15-046 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28547 | |||
Oval ID: | oval:org.mitre.oval:def:28547 | ||
Title: | Microsoft Office memory corruption vulnerability – CVE-2015-1682 (MS15-046) | ||
Description: | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2015-1682 | Version: | 3 |
Platform(s): | Apple Mac OS X Apple Mac OS X Server | Product(s): | Microsoft Office 2011 for Mac |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28645 | |||
Oval ID: | oval:org.mitre.oval:def:28645 | ||
Title: | Microsoft Office memory corruption vulnerability – CVE-2015-1682 (MS15-046) | ||
Description: | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2015-1682 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Excel 2013 Microsoft Excel 2010 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft PowerPoint 2013 Microsoft PowerPoint 2010 Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft Word 2010 Microsoft Word 2013 Microsoft PowerPoint Viewer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28723 | |||
Oval ID: | oval:org.mitre.oval:def:28723 | ||
Title: | Microsoft Office memory corruption vulnerability – CVE-2015-1683 (MS15-046) | ||
Description: | Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2015-1683 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Office 2007 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 1 | |
Application | 6 | |
Application | 2 | |
Application | 4 | |
Application | 1 | |
Application | 2 | |
Application | 2 | |
Application | 4 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-05-14 | IAVM : 2015-A-0103 - Multiple Vulnerabilities in Microsoft Office Products (MS15-046) Severity : Category II - VMSKEY : V0060643 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-06-17 | Microsoft Office Word incorrect ptCount element denial of service attempt RuleID : 34429 - Revision : 4 - Type : FILE-OFFICE |
2015-06-17 | Microsoft Office Word incorrect ptCount element denial of service attempt RuleID : 34428 - Revision : 3 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-13 | Name : An application installed on the remote Mac OS X host is affected by a remote ... File : macosx_ms15-046_office_2011.nasl - Type : ACT_GATHER_INFO |
2015-05-13 | Name : The remote host is affected by multiple remote code execution vulnerabilities. File : smb_nt_ms15-046.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-01-03 09:24:50 |
|
2015-10-18 17:26:32 |
|
2015-10-13 21:28:12 |
|
2015-10-13 21:16:32 |
|
2015-06-17 21:26:36 |
|
2015-06-09 21:30:51 |
|
2015-06-09 21:17:08 |
|
2015-05-20 00:30:00 |
|
2015-05-20 00:15:38 |
|
2015-05-14 13:28:21 |
|
2015-05-13 21:31:13 |
|
2015-05-13 17:29:40 |
|
2015-05-12 21:30:29 |
|
2015-05-12 21:17:01 |
|