The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Outlook

vulnerability CVE-2015-2522

Microsoft SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Microsoft SharePoint, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 08/09/2015.
Identifiers: 3089664, CERTFR-2015-AVI-379, CVE-2015-2522, MS15-099, VIGILANCE-VUL-17846.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Microsoft SharePoint product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Microsoft SharePoint, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2015-2520 CVE-2015-2521 CVE-2015-2523

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Microsoft Office et SharePoint.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/09/2015.
Identifiers: 3089664, CERTFR-2015-AVI-379, CVE-2015-2520, CVE-2015-2521, CVE-2015-2523, CVE-2015-2545, MS15-099, VIGILANCE-VUL-17845.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office et SharePoint.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2520]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2521]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2523]

An attacker can use a vulnerability when EPS files are processed, in order to run code. [severity:3/4; CVE-2015-2545]
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2015-2506 CVE-2015-2507 CVE-2015-2508

Windows, Office, Lync: multiple vulnerabilities of Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, Office, and Lync.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 08/09/2015.
Identifiers: 3089656, CERTFR-2015-AVI-380, CVE-2015-2506, CVE-2015-2507, CVE-2015-2508, CVE-2015-2510, CVE-2015-2511, CVE-2015-2512, CVE-2015-2517, CVE-2015-2518, CVE-2015-2527, CVE-2015-2529, CVE-2015-2546, CVE-2018-7249, CVE-2018-7250, MS15-097, VIGILANCE-VUL-17843, ZDI-15-457.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Windows, Office, and Lync.

An attacker can generate a memory corruption in OpenType Font, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2506]

An attacker can bypass security features in Windows Adobe Type Manager Library, in order to escalate his privileges. [severity:2/4; CVE-2015-2507]

An attacker can bypass security features in Windows Adobe Type Manager Library, in order to escalate his privileges. [severity:2/4; CVE-2015-2508]

An attacker can bypass security features in Windows Adobe Type Manager Library, in order to escalate his privileges. [severity:2/4; CVE-2015-2512]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2510]

An attacker can generate a memory corruption in Win32k, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2511]

An attacker can generate a memory corruption in Win32k, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2517]

An attacker can generate a memory corruption in Win32k, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2518]

An attacker can generate a memory corruption in Win32k, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2546]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2015-2527]

An attacker can guess the memory layout of a process, to bypass ASLR, in order to ease the next step of the attack. [severity:1/4; CVE-2015-2529]

An attacker can bypass security features in secdrv.sys, in order to escalate his privileges. [severity:2/4; ZDI-15-457]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2015-2434 CVE-2015-2440 CVE-2015-2471

Windows, Office: three vulnerabilities of XML Core Services

Synthesis of the vulnerability

An attacker can use several vulnerabilities of XML Core Services of Windows.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/08/2015.
Identifiers: 3080129, CERTFR-2015-AVI-338, CVE-2015-2434, CVE-2015-2440, CVE-2015-2471, MS15-084, VIGILANCE-VUL-17634, ZDI-15-381.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in XML Core Services used by Windows/Office.

An attacker can force the usage of SSLv2, in order to obtain sensitive information. [severity:2/4; CVE-2015-2434]

An attacker can guess the memory layout of a process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2440, ZDI-15-381]

An attacker can force the usage of SSLv2, in order to obtain sensitive information. [severity:2/4; CVE-2015-2471]
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2015-1642 CVE-2015-2423 CVE-2015-2466

Microsoft Office: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 11/08/2015.
Identifiers: 3080790, CERTFR-2015-AVI-335, CERTFR-2015-AVI-342, CVE-2015-1642, CVE-2015-2423, CVE-2015-2466, CVE-2015-2467, CVE-2015-2468, CVE-2015-2469, CVE-2015-2470, CVE-2015-2477, MS15-081, VIGILANCE-VUL-17631.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can force the usage of a freed memory area in CTaskSymbol, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-1642]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2467]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2468]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2469]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2477]

An attacker can use, for example from Internet Explorer, a special command line on Windows, in order to run some programs, such as Notepad or Office (VIGILANCE-VUL-17638). [severity:2/4; CERTFR-2015-AVI-342, CVE-2015-2423]

An attacker can use a malicious Template, in order to run code. [severity:3/4; CVE-2015-2466]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2470]
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2015-2431 CVE-2015-2435 CVE-2015-2455

Microsoft Office: six vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphics Component of Microsoft Office.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 11/08/2015.
Identifiers: 3078662, CERTFR-2015-AVI-334, CVE-2015-2431, CVE-2015-2435, CVE-2015-2455, CVE-2015-2456, CVE-2015-2463, CVE-2015-2464, MS15-080, VIGILANCE-VUL-17628, ZDI-15-387, ZDI-15-388.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption in Office Graphics Library Font, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2431]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2435, ZDI-15-387]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2455, ZDI-15-388]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2456]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2463]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2464]
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2015-2375 CVE-2015-2376 CVE-2015-2377

Microsoft Office: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 15/07/2015.
Identifiers: 3072620, CERTFR-2015-AVI-297, CVE-2015-2375, CVE-2015-2376, CVE-2015-2377, CVE-2015-2378, CVE-2015-2379, CVE-2015-2380, CVE-2015-2415, CVE-2015-2424, MS15-070, VIGILANCE-VUL-17360, ZDI-15-326, ZDI-15-327, ZDI-15-328.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2376, ZDI-15-326]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2377, ZDI-15-327]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2379]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2380]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2415]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-2424]

An attacker can guess the memory layout of a Microsoft Excel process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2375, ZDI-15-328]

An attacker can invite the victim to open an Excel document from a directory containing a malicious DLL, in order to run code. [severity:3/4; CVE-2015-2378]
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2015-1759 CVE-2015-1760 CVE-2015-1770

Microsoft Office: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/06/2015.
Identifiers: 3064949, CERTFR-2015-AVI-246, CVE-2015-1759, CVE-2015-1760, CVE-2015-1770, MS15-059, VIGILANCE-VUL-17091.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Three vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1759]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1760]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1770]
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2015-1682 CVE-2015-1683

Microsoft Office: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/05/2015.
Identifiers: 3057181, CERTFR-2015-AVI-211, CVE-2015-1682, CVE-2015-1683, MS15-046, VIGILANCE-VUL-16887, ZDI-15-182.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1682, ZDI-15-182]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1683]
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2015-1639 CVE-2015-1641 CVE-2015-1649

Microsoft Office: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/04/2015.
Identifiers: 3048019, CERTFR-2015-AVI-151, CVE-2015-1639, CVE-2015-1641, CVE-2015-1649, CVE-2015-1650, CVE-2015-1651, MS15-033, VIGILANCE-VUL-16596, ZDI-15-132.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1641]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1649]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1650, ZDI-15-132]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1651]

An attacker can trigger a Cross Site Scripting in Microsoft Outlook App for Mac, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-1639]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Outlook: