CVE-2015-2557
Published 2015-10-14
Priority: P358 | critical | CVSS 2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 22.49% (97.4th percentile)
Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visio | — | — |
| microsoft | visio | — | — |
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - October 2015
blogs_talos·2015-10-13·CVSS 9.3
[CRITICAL] Microsoft Patch Tuesday - October 2015
Microsoft's Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the bulletins are rated "Critical" and address vulnerabilities in Internet Explorer, JScript/VBScript, and the Windows Shell. The other half of the bulletins are rated "Important" and address vulnerabilities in Edge, Office, and the Windows Kernel.
### Bulletins Rated Critical
MS15-106, MS15-108, and MS15-109 are rated Critical in this month's release.
MS15-106 is this month's Internet Explorer security bulletin for versions 7 through 11. In total, 14 vulnerabilities were addressed with most of them bei
Bugzilla
CVE-2015-5181 A-MQ Console: script injection into queue name
bugzilla·2015-07-30·CVSS 5.4
CVE-2015-5181 [MEDIUM] CVE-2015-5181 A-MQ Console: script injection into queue name
It was found that A-MQ console would accept a string containing JavaScript as the name of a new message queue. Execution of the UI would subsequently execute the script. An attacker could use this flaw to access sensitive information or perform other attacks.
Discussion:
Acknowledgements:
Red Hat would like to thank Naftali Rosenbaum of Comsec Consulting for reporting this issue.
---
This issue has been addressed in the following products:
Red Hat JBoss A-MQ 6.2.1
Via RHSA-2015:2557 https://rhn.redhat.com/errata/RHSA-2015-2557.html
---
This issue has been addressed in the following products:
Red Hat JBoss Fuse 6.2.1
Via RHSA-2015:2556 https://rhn.redhat.com/errata/RHSA-2015-2556.html
http://www.securitytracker.com/id/1033803
http://www.zerodayinitiative.com/advisories/ZDI-15-519
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110
2015-10-14
Published