The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability announce CVE-2015-1682 CVE-2015-1683

Microsoft Office: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity of this bulletin: 3/4.
Consequences of an intrusion: user access/rights, denial of service on client.
Hacker's origin: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/05/2015.
Références of this threat: 3057181, CERTFR-2015-AVI-211, CVE-2015-1682, CVE-2015-1683, MS15-046, VIGILANCE-VUL-16887, ZDI-15-182.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1682, ZDI-15-182]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1683]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a systems vulnerabilities alert. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.