当前位置: 首页 > 服务与支持 > 产品升级公告 > 安全漏洞公告

服务与支持Support

Microsoft Office组件释放后重利用漏洞(CVE-2015-0085)(MS15-022)

     发表日期:2015-03-17 10:23:26

Microsoft Office组件释放后重利用漏洞(CVE-2015-0085)(MS15-022)
CVE-ID:CVE-2015-0085
发布日期:2015-03-10
更新日期:2015-03-11
受影响系统:
Microsoft Office Word 2013 RT
Microsoft Office Word 2013
Microsoft Office Word 2010
Microsoft Office Windows SharePoint Services 3.
Microsoft Office SharePoint Server 2013
Microsoft Office SharePoint Server 2010
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Foundation 2013
Microsoft Office SharePoint Foundation 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint 2007
Microsoft Office Office Word Viewer
Microsoft Office Office Word 2007
Microsoft Office Office Web Apps 2013
Microsoft Office Office Web Apps 2010
Microsoft Office Office Web Apps
Microsoft Office Office Excel Viewer 2007
Microsoft Office Office Excel 2007
Microsoft Office Office 2013 RT
Microsoft Office Office 2013
Microsoft Office Office 2010
Microsoft Office Office 2007
Microsoft Office Excel 2010
详细信息:

Microsoft Office是微软公司开发的一套基于Windows操作系统的办公软件套装。

Office解析构造的Office文件时没有正确处理内存对象,存在释放后重利用漏洞,可使攻击者执行任意代码,破坏内存。


来源:
3S Labs
参考信息:
http://secunia.com/advisories/63238/
http://technet.microsoft.com/security/bulletin/MS15-022
解决办法:
厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS15-022)以及相应补丁:
MS15-022:Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
链接:http://technet.microsoft.com/security/bulletin/MS15-022