|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-01-14 | |
| Rule Name: | Microsoft Office Excel Fileversion Use after Free Vulnerability -1 (CVE-2015-2558) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |
| Impact: | A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:MS15-110 SecurityTrackerID:1033803 |
|
| Solutions |
|---|
| Microsoft has released a patch MS15-110 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/security/bulletin/MS15-110 |