Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-012: Vulnerabilities in Microsoft Office could allow remote code execution: February 10, 2015


View products that this article applies to.

Introduction

This security update resolves vulnerabilities in Microsoft Office 2010 that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Office file in an affected version of Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

↑ Back to the top


Summary

Microsoft has released security bulletin MS15-012. Learn more about how to obtain the fixes that are included in this security bulletin: 

↑ Back to the top


How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2920753 MS15-012: Description of the security update for Microsoft Excel 2013: February 10, 2015
  • 2920788 MS15-012: Description of the security update for Microsoft Excel 2007: February 10, 2015
  • 2920791 MS15-012: Description of the security update for Microsoft Office Excel Viewer 2007: February 10, 2015
  • 2920810 MS15-012: Description of the security update for SharePoint Server 2010: February 10, 2015
  • 2956058 MS15-012: Description of the security update for Office 2010: February 10, 2015
  • 2956066 MS15-012: Description of the security update for Word 2010: February 10, 2015
  • 2956070 MS15-012: Description of the security update for Office Web Apps 2010: February 10, 2015
  • 2956073 MS15-012: Description of the security update for Office 2010 Proofing Tools: February 10, 2015
  • 2956081 MS15-012: Description of the security update for Microsoft Excel 2010: February 10, 2015
  • 2956092 MS15-012: Description of the security update for Word Viewer: February 10, 2015
  • 2956097 MS15-012: Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: February 10, 2015
  • 2956098 MS15-012: Description of the security update for Office Compatibility Pack SP3: February 10, 2015
  • 2956099 MS15-012: Description of the security update for Word 2007: February 10, 2015

↑ Back to the top


Security update deployment

The 2007 Microsoft Office system (all editions) and other software

Reference table

The following table contains the security update information for this software.

Security update file nameFor Microsoft Excel 2007 Service Pack 3:
excel2007-kb2920788-fullfile-x86-glb.exe

For Microsoft Office Word 2007 Service Pack 3:
word2007-kb2956099-fullfile-x86-glb.exe

For Microsoft Word Viewer:
office-kb2956092-fullfile-enu.exe

For Microsoft Excel Viewer:
xlview2007-kb2920791-fullfile-x86-glb.exe

For Microsoft Office Compatibility Pack:
xlconv2007-kb2956097-fullfile-x86-glb.exe

wordconv2007-kb2956098-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2920788
See Microsoft Knowledge Base Article 2956099
See Microsoft Knowledge Base Article 2956092
See Microsoft Knowledge Base Article 2920791
See Microsoft Knowledge Base Article 2956097
See Microsoft Knowledge Base Article 2956098
Registry key verificationNot applicable

Microsoft Office 2010 (all editions)

Reference table

The following table contains the security update information for this software.


Security update file nameFor Microsoft Office 2010 Service Pack 2 (32-bit editions) (proofing tools)
proofloc2010-kb2956073-fullfile-x86-glb.exe
kb24286772010-kb2956058-fullfile-x86-glb.exe

For Microsoft Office 2010 Service Pack 2 (64-bit editions) (proofing tools)
proofloc2010-kb2956073-fullfile-x64-glb.exe
kb24286772010-kb2956058-fullfile-x64-glb.exe

For Microsoft Excel 2010 Service Pack 2 (32-bit editions)
excel2010-kb2956081-fullfile-x86-glb.exe

For Microsoft Excel 2010 Service Pack 2 (64-bit editions)
excel2010-kb2956081-fullfile-x64-glb.exe

For Microsoft Word 2010 Service Pack 2 (32-bit editions)
word2010-kb2956066-fullfile-x86-glb.exe

For Microsoft Word 2010 Service Pack 2 (64-bit editions)
word2010-kb2956066-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2956073
See Microsoft Knowledge Base Article 2956058
See Microsoft Knowledge Base Article 2956081
See Microsoft Knowledge Base Article 2956066
Registry key verificationNot applicable

Microsoft SharePoint Server 2010 (all versions)

Reference table

The following table contains the security update information for this software.


Security update file nameFor Word Automation Services on supported editions of Microsoft SharePoint Server 2010 Service Pack 2:
wdsrv2010-kb2920810-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee Microsoft Knowledge Base Article 2920810
Registry key verificationNot applicable

Microsoft Office Web Apps 2010 (all versions)

Reference table

The following table contains the security update information for this software.


Security update file nameFor Microsoft Office Web Apps 2010 Service Pack 2:
wac2010-kb2956070-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee Microsoft Knowledge Base Article 2956070
Registry key verificationNot applicable

Microsoft Excel 2013 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file nameFor supported editions of Microsoft Excel 2013 (32-bit editions):
excel2013-kb2920753-fullfile-x86-glb.exe

For supported editions of Microsoft Excel 2013 (64-bit editions):
excel2013-kb2920753-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2920753
Registry key verificationNot applicable

Microsoft Excel 2013 RT (all editions)

Reference Table
The following table contains the security update information for this software.
DeploymentThe 2920753 update for Microsoft Excel 2013 RT is available through Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 2920753


↑ Back to the top


File hash information
File name SHA1SHA256
excel2013-kb2920753-fullfile-x64-glb.exe04A4C8A9E62527A85981264480C3E03D90A627290791E4F299A998FA79CFF1151592C699EB46614A3999822DB1B7E467FB203EC4
excel2013-kb2920753-fullfile-x86-glb.exeBF59EB6F47D48ED5911830F24FF5838EE00DE9F35793BB7C7BDFFF07C74544CDC594D54ED83492E3FB51659DCEAD4AC11F515552
excel2007-kb2920788-fullfile-x86-glb.exeFF5A5D33C9743BA79F05DB2596B51517302411774D6F0F7FF3DADD72BA0E28920DF88D69ED753C7497988941D52791B1953305AB
xlview2007-kb2920791-fullfile-x86-glb.exe2BCB952909500BDC2AF22AF76B6DF3B3B96F78191230CE9443F8F7CC5F2D1A238AE9BD8E05D332641116868619DDA03E8D83D514
otkruntimertl2007-kb2920795-fullfile-x86-glb.exe9E423B72F91C60335E3316F3BB70679DF1B3CE09CCCCDBFC7326E8A8138ED318E730132B7CFD22631608E6AFD9D2C73D3871027C
wdsrv2010-kb2920810-fullfile-x64-glb.exe823F52B3F9A3866F98FF6F365AB28FB71EA67A3E288268B899364785F073440A5C945B41B81A57BE76C0B0D615A90115D1D7D4D3
kb24286772010-kb2956058-fullfile-x64-glb.exe8F95264F21BFB3FFD7C15AF264D5461305A852105F1D0B07B63DC4C311A6CADA97F0F49F1A2DC8598E666B531882FA75267A5B76
kb24286772010-kb2956058-fullfile-x86-glb.exe9B2EAD8AAE7327C00E2BDC8DE4CA5821E3E061E9D44488F8DF16BD0136EB6F2D5B7F5B37B7FBDE1B7FEF4FA7FFB40B62BB2AC1B9
word2010-kb2956066-fullfile-x64-glb.exeC14FB12EEC71C52412372C9163FF7B3441CD96DF5157F2CCA635601397AB9C485170B8CB8F869A8ECB97F01AD69579F4277CED4D
word2010-kb2956066-fullfile-x86-glb.exeDAAC3BC79D370CF725193318CEA25BF837E802C1290BDB6D2F9EB4853CB40F77140D166C001B8A2CF54ACA483AD95D1F1A30D7D7
wac2010-kb2956070-fullfile-x64-glb.exeED784949EF696481AAEEEC4F61D5ADE274D1E816B6FE66EA7F57542460DA1338252DCBE735FB8D411CC90C69B64B331F47D1E65D
proofloc2010-kb2956073-fullfile-x64-glb.exeC0714A0051F319C20254A108F5A73A076430B6441C81AC16D7C0A6A7B6E4F67AD25D0C4044BB2BD5D55854AED12BB4BD4E623E78
proofloc2010-kb2956073-fullfile-x86-glb.exeFDB1FB5E02C03FF89FC728D5FFF8C9971DC8DE0A728CD8CB71F9011CF4E7CAF3C7ED76A0C0EF44B64FEFF503253F16003A587FE2
excel2010-kb2956081-fullfile-x64-glb.exe13B0CA14CBFA689E95FA54154867E9CE5EF128D36FF975BED8556F33648365AB8088508A04231B655C4CEB2E03122BE5FA14E0E7
excel2010-kb2956081-fullfile-x86-glb.exe64BFABE82799B3B77DC2D64B50451F83ED9458954B67B30EF6F60C20933DC11A30ADA4BDE4D700A6134093E93464868478CE8FBB
xlconv2007-kb2956097-fullfile-x86-glb.exeCD886F1462CA1A7E727C2E833A1D5AE19AF644B2A9B5F0443A98161A8DCB15B94069B0646C9E6558FD5E8A9CAE5C6CDBE7ED4A93
wordconv2007-kb2956098-fullfile-x86-glb.exe9E796AEF1F1F214794911C9EBAF6530E841D55E18D75C15968A802E2144038B8DB995D58C5520EE1D0EEA70DF6FE65065A66E8A9
word2007-kb2956099-fullfile-x86-glb.exe724D384C9D2149632A67D3D949E3840B8CB3775D71562C4980603524312A6DAC1AB5C6C708E08A8C1CABD9A74EE3F1C590D3BA80

↑ Back to the top


Keywords: kb, atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew

↑ Back to the top

Article Info
Article ID : 3032328
Revision : 1
Created on : 1/7/2017
Published on : 2/10/2015
Exists online : False
Views : 444