MS15-059 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
2015-06-09 This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Microsoft Office Memory Corruption Vulnerability
- Remote code execution vulnerabilities exist in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files.
CVE-2015-1759 - Microsoft Office Memory Corruption Vulnerability
- Remote code execution vulnerabilities exist in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files.
CVE-2015-1760 - Microsoft Office Uninitialized Memory Use Vulnerability
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2015-1770
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
46.82%
Published
2015-06-10
Updated
2018-10-12
Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
46.82%
Published
2015-06-10
Updated
2018-10-30
CVE-2015-1770
Known exploited
Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."
Max CVSS
9.3
EPSS Score
45.94%
Published
2015-06-10
Updated
2018-10-12
CISA KEV Added
2022-03-28