Microsoft Office CTaskSymbol Use-After-Free Vulnerability

CVE-2015-1642

Type

  • CTaskSymbol Use-After-Free Vulnerability

Severity

  • High

Affected products

  • Microsoft Office

CVE Reference

  • CVE-2015-1642

Timeline
27/02/2015  MWR Labs reported the issue with technical details and a POC
28/02/2015  Microsoft acknowledged receipt and started investigating the issue
02/04/2015  Microsoft replied that the issue was assigned CVE-2015-1642
11/08/2015  Microsoft released a patch as part of MS15-081
17/08/2015  MWR Labs released the advisory

Download the advisory here

A use-after-free vulnerability (CVE-2015-1642) was discovered in Microsoft Office: the affected application improperly handles the CTaskSymbol COM object in memory while parsing a crafted Office file. If a user is persuaded to open the crafted Office file, successful exploitation would allow an attacker to run arbitrary code in the context of the victim.

Description

Microsoft Office is a suite of desktop applications consisting of Word, PowerPoint, Excel, Outlook and various other productivity applications. The applications are affected by a use-after-free vulnerability that is triggered while parsing a specially crafted Office file, as a result of the application loading the CTaskSymbol COM object in memory.

Impact

If a user is persuaded to open the crafted Office file, successful exploitation would allow an attacker to run arbitrary code in the context of the target application.

Cause

The vulnerability exists because Microsoft Office incorrectly dereferences the CTaskSymbol object after it is freed.

Interim Workaround

Avoid opening Office files from untrusted sources, or view them in Protected View mode.

Solution

Users should apply the MS15-081 updates from Microsoft.

Technical Details

Refer to the detailed advisory linked above.