CVE-2015-0064: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office…

CVE-2015-0064 [HIGH] GHSA-mhfm-wr84-w85g: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, a Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."

CVE-2015-0064 Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow --- Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1 The following access violation was observed in Microsoft Office 2007 (Word document): (e24.e28): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=0583a748 ebx=00eb4684 ecx=003ad1a3 edx=00000000 esi=049860bc edi=00122238 eip=7814500a esp=001221e0 ebp=001221e8 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212 MSVCR80!memcpy+0x5a: 7814500a f3a5 rep movsd ds:049860bc=???????? es:00122238=3348bcd8 0:000> k ChildEBP RetAddr 001221e8 31249c0e MSVCR80!memcpy+0x5a 00122204 3126a371 wwlib!

[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed ## Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager. ## Bulletins Rated Critical MS15-009, MS15-010, and MS15-011 are rated Critical. MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of the those CVEs fixing use-after-free vulnerabilitie

[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager. ### Bulletins Rated CriticalMS15-009, MS15-010, and MS15-011 are rated Critical. MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of the those CVEs fixing use-after-free vulnerabilities that could result in remote code execution. A couple ASLR bypasses, pr

[MEDIUM] Zscaler detects IE & MS Office Vulnerabilities | 02-10-2015 Provide users with seamless, secure, reliable access to applications and data. Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems. Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners. Industry Report Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE) USE CASES INDUSTRY & MARKET SOLUTIONS PARTNERS TECHNOLOGY PARTNERS Resource Center Events & Trainings Security Research & Services Tools Community & Support CXO REVOLUTIONARIES Amplifying the voices of real-world digital and zero trust pioneers Discover how it began and where it’s going Meet o

CVE-2015-7853 [CRITICAL] CVE-2015-7853 ntp: reference clock memory corruption vulnerability CVE-2015-7853 ntp: reference clock memory corruption vulnerability The following flaw was found in ntpd: A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock could cause a buffer overflow potentially resulting in memory being modified. A malicious reflock could provide a negative length to trigger this vulnerability. External References: http://talosintel.com/reports/TALOS-2015-0064/ http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner Discussion: Upstream patch: https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261 --- Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1296163] --- Statement: This issue did not affect the v