Microsoft Office Uninitialized Memory Use Vulnerability
-
Yong Chuan Koh - Published: 25 Jun 2015
Microsoft Office Uninitialized Memory Use Vulnerability
CVE-2015-1770
Share
Type
- Microsoft Office Uninitialised Memory Use Vulnerability
Severity
- High
Affected products
- Microsoft Office
CVE Reference
- CVE-2015-1770
Timeline
| 15/04/2015 | MWR Labs reported issue with technical details and POC |
| 28/04/2015 | Microsoft acknowledged and started investigation of issue |
| 09/06/2015 | Microsoft released patch as part of MS15-059 |
| 25/06/2015 | MWR Labs released advisory |
An uninitialized memory use vulnerability (CVE-2015-1770) was discovered as the affected application only partially initialized the osf.Sandbox.1 COM object in memory while parsing a crafted Office file. If persuaded to open a crafted Office file, successful exploitation would allow an attacker to run arbitrary code in the context of the user.
Description
Microsoft Office is a suite of desktop applications consisting of Microsoft Word, PowerPoint, Excel, Outlook and various other productivity applications. The applications are affected by an uninitialised memory use vulnerability while parsing a specially crafted Office file as a result of the application only partially initialising the osf.Sandbox.1 COM object in memory.
Impact
If persuaded to open the crafted Office file, a successful exploitation would allow an attacker to run arbitrary code in the context of the target application.
Cause
The vulnerability exists because Microsoft Office does not properly initialise the osf.Sandbox.1 COM object.
Interim Workaround
Avoid opening Office files from untrusted sources or view them in Protected-View mode. Alternatively, it is possible to disable the osf.Sandbox ActiveX plugin in Office.
Solution
Users should apply MS15-059 updates from Microsoft.
Technical Details
Refer to attached detailed advisory above.