Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)

  Severity: CRITICAL
  CVE Identifier: 2015-1649,MS15-033
  Advisory Date: APR 06, 2016

  DESCRIPTION

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Trend Micro researcher Jack Tang disclosed details about this vulnerability to Microsoft. The said company acknowledged Tang’s research contribution.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Name: 1006625 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Office

Featured Stories