CVE-2015-2423: Unsafe Command Line Parameter Passing Vulnerability in Microsoft Windows and Office Applications


Description

The vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allows remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, resulting in a transition from Low Integrity to Medium Integrity.

Overview

This vulnerability stems from the way Windows handles command-line parameters passed to Notepad and the Office applications listed above: a process running at Low Integrity (for example code that has already gained execution inside an Internet Explorer Protected Mode sandbox process) can launch one of those applications with a crafted parameter, and the new process runs at Medium Integrity. The attacker does not obtain administrative rights and does not execute new code directly; what is gained is a transition from Low to Medium Integrity, which is enough to read files and other resources the sandbox was meant to keep out of reach, hence the information-disclosure impact. Because it only lifts an existing foothold, the flaw is chained after a separate vulnerability that gives the attacker code execution at Low Integrity in the first place.
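The transition described above leaves a simple trace in process-creation telemetry: a Notepad or Office process at Medium Integrity whose direct parent ran at Low Integrity. As an added detection example (not code from Microsoft or from this page), the following Python correlates Sysmon Event ID 1 records to surface exactly that pattern. Sysmon reports each process's own IntegrityLevel but not its parent's, so the parent is looked up through ParentProcessGuid. All log records, GUIDs and paths are constructed for the example, and the list of target image names is an assumption drawn from the applications the description names.

```python
"""Detect the Low-to-Medium integrity transition in Sysmon process-create logs.

Added example (not from Microsoft or the original page): correlates Sysmon
Event ID 1 records so that a Medium Integrity notepad.exe or Office process
whose direct parent ran at Low Integrity is flagged. Sysmon records each
process's own IntegrityLevel but not its parent's, so the parent level is
looked up through ParentProcessGuid. All log records below are constructed.
"""
import ntpath
from typing import Dict, List

# Launch targets named in the CVE description (Notepad plus Office applications);
# the exact image names are an assumption for this example.
TARGET_IMAGES = {"notepad.exe", "winword.exe", "excel.exe", "powerpnt.exe", "visio.exe"}

# Constructed Sysmon Event ID 1 records in Event Viewer's "Field: value" layout.
# Record 2 is the pattern to catch; record 4 is Word launched normally from Explorer.
SAMPLE_LOG = r"""
ProcessGuid: {7B1D-0001}
ParentProcessGuid: {7B1D-0000}
Image: C:\Program Files\Internet Explorer\iexplore.exe
ParentImage: C:\Program Files\Internet Explorer\iexplore.exe
CommandLine: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2112 CREDAT:75777
IntegrityLevel: Low

ProcessGuid: {7B1D-0002}
ParentProcessGuid: {7B1D-0001}
Image: C:\Windows\System32\notepad.exe
ParentImage: C:\Program Files\Internet Explorer\iexplore.exe
CommandLine: notepad.exe C:\Users\alice\Documents\notes.txt
IntegrityLevel: Medium

ProcessGuid: {7B1D-0003}
ParentProcessGuid: {7B1D-0000}
Image: C:\Windows\explorer.exe
ParentImage: C:\Windows\System32\userinit.exe
CommandLine: C:\Windows\explorer.exe
IntegrityLevel: Medium

ProcessGuid: {7B1D-0004}
ParentProcessGuid: {7B1D-0003}
Image: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
ParentImage: C:\Windows\explorer.exe
CommandLine: "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" /n "C:\Users\alice\report.docx"
IntegrityLevel: Medium
"""


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split blank-line-separated records into dicts keyed by Sysmon field name."""
    events: List[Dict[str, str]] = []
    for block in text.strip().split("\n\n"):
        event: Dict[str, str] = {}
        for line in block.splitlines():
            # Split on the first ": " only; command lines and paths contain colons.
            key, sep, value = line.partition(": ")
            if sep:
                event[key.strip()] = value.strip()
        if event:
            events.append(event)
    return events


def find_integrity_transitions(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one alert per target process at Medium Integrity spawned by a Low Integrity parent."""
    level_by_guid = {e["ProcessGuid"]: e.get("IntegrityLevel", "")
                     for e in events if "ProcessGuid" in e}
    alerts: List[Dict[str, str]] = []
    for e in events:
        image = ntpath.basename(e.get("Image", "")).lower()
        if image not in TARGET_IMAGES:
            continue
        # The parent's level is not in the child's event; correlate on ParentProcessGuid.
        parent_level = level_by_guid.get(e.get("ParentProcessGuid", ""))
        if parent_level == "Low" and e.get("IntegrityLevel") == "Medium":
            alerts.append({
                "image": image,
                "parent_image": ntpath.basename(e.get("ParentImage", "")).lower(),
                "command_line": e.get("CommandLine", ""),
                "process_guid": e["ProcessGuid"],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_integrity_transitions(parse_events(SAMPLE_LOG)):
        print(f"Low->Medium transition: {alert['parent_image']} -> {alert['image']} "
              f"[{alert['command_line']}]")
```

The rule is deliberately narrow (a known target image, child at Medium, direct parent at Low), so it should fire rarely on a normal host; the constructed log yields a single alert for the Notepad launched from the Low Integrity iexplore.exe, while the Word started from Explorer is ignored. If your environment routes sandbox launches through an intermediate broker process, walk more than one ancestor through the GUID map before deciding.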

Remediation

To mitigate this vulnerability, Microsoft released security updates as part of the following bulletins:

  • MS15-081: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081
  • MS15-088: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088
  • MS15-079: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079

Users and administrators should install the updates from every bulletin that applies to a given system: MS15-088 updates Windows itself, MS15-081 the affected Office applications, and MS15-079 Internet Explorer. Patching only one component leaves the others available for the Low to Medium Integrity transition.

References

  1. MS15-081: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081
  2. MS15-088: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088
  3. MS15-079: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079
  4. CVE-2015-2423: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Public Administration
  4. Transportation & Warehousing
  5. Finance and Insurance
  6. Educational Services
  7. Retail Trade
  8. Utilities
  9. Arts, Entertainment & Recreation
  10. Professional, Scientific, & Technical Services
  11. Management of Companies & Enterprises
  12. Other Services (except Public Administration)
  13. Accommodation & Food Services
  14. Information
  15. Agriculture, Forestry, Fishing & Hunting
  16. Construction
  17. Real Estate Rental & Leasing
  18. Wholesale Trade
  19. Administrative, Support, Waste Management & Remediation Services
  20. Mining
