cvelistv5 - cve-2015-1639

CVE-2015-1639 (GCVE-0-2015-1639)

Vulnerability from cvelistv5 – Published: 2015-04-14 20:00 – Updated: 2024-08-06 04:47

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1032104	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:47:17.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032104",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032104"
          },
          {
            "name": "MS15-033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1032104",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032104"
        },
        {
          "name": "MS15-033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032104",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032104"
            },
            {
              "name": "MS15-033",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-1639",
    "datePublished": "2015-04-14T20:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:47:17.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \\\"Microsoft Outlook App for Mac XSS Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en Microsoft Office for Mac 2011 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\\u00e9s de vectores no especificados, tambi\\u00e9n conocido como \u0027vulnerabilidad de XSS en Microsoft Outlook App for Mac.\u0027\"}]",
      "id": "CVE-2015-1639",
      "lastModified": "2024-11-21T02:25:50.263",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-04-14T20:59:03.343",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1032104\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1639\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2015-04-14T20:59:03.343\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \\\"Microsoft Outlook App for Mac XSS Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Microsoft Office for Mac 2011 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como \u0027vulnerabilidad de XSS en Microsoft Outlook App for Mac.\u0027\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1032104\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1032104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2015-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Microsoft Office Service Pack 3
Microsoft	Office	Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2011 pour Mac
Microsoft	Office	Microsoft Word 2011 pour Mac
Microsoft	Office	Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft	Office	Microsoft Office 2010 Service Pack 2
Microsoft	Office	Microsoft Outlook pour Mac pour Office 365
Microsoft	Office	Microsoft Word 2013 RT Service Pack 1
Microsoft	Office	Microsoft Word 2007 Service Pack 3
Microsoft	Office	Word Automation Services sur Microsoft Sharepoint Server 2013 Service Pack 1
Microsoft	Office	Microsoft Word 2010 Service Pack 2
Microsoft	Office	Microsoft Word 2013 Service Pack 1
Microsoft	Office	Visionneuse Microsoft Word

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-033 du 14 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Microsoft Office Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2011 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2011 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook pour Mac pour Office 365",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Automation Services sur Microsoft Sharepoint Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visionneuse Microsoft Word",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1650"
    },
    {
      "name": "CVE-2015-1649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1649"
    },
    {
      "name": "CVE-2015-1639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1639"
    },
    {
      "name": "CVE-2015-1651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1651"
    },
    {
      "name": "CVE-2015-1641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1641"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-033 du 14 avril 2015",
      "url": "https://technet.microsoft.com/en-us/library/security/MS15-033"
    }
  ]
}

CERTFR-2015-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Microsoft Office Service Pack 3
Microsoft	Office	Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2011 pour Mac
Microsoft	Office	Microsoft Word 2011 pour Mac
Microsoft	Office	Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft	Office	Microsoft Office 2010 Service Pack 2
Microsoft	Office	Microsoft Outlook pour Mac pour Office 365
Microsoft	Office	Microsoft Word 2013 RT Service Pack 1
Microsoft	Office	Microsoft Word 2007 Service Pack 3
Microsoft	Office	Word Automation Services sur Microsoft Sharepoint Server 2013 Service Pack 1
Microsoft	Office	Microsoft Word 2010 Service Pack 2
Microsoft	Office	Microsoft Word 2013 Service Pack 1
Microsoft	Office	Visionneuse Microsoft Word

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-033 du 14 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Microsoft Office Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2011 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2011 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook pour Mac pour Office 365",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Automation Services sur Microsoft Sharepoint Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visionneuse Microsoft Word",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1650"
    },
    {
      "name": "CVE-2015-1649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1649"
    },
    {
      "name": "CVE-2015-1639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1639"
    },
    {
      "name": "CVE-2015-1651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1651"
    },
    {
      "name": "CVE-2015-1641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1641"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-033 du 14 avril 2015",
      "url": "https://technet.microsoft.com/en-us/library/security/MS15-033"
    }
  ]
}

GSD-2015-1639

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1639

Aliases

CVE-2015-1639

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1639",
    "description": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\"",
    "id": "GSD-2015-1639"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1639"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\"",
      "id": "GSD-2015-1639",
      "modified": "2023-12-13T01:20:05.387352Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2015-1639",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032104",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032104"
          },
          {
            "name": "MS15-033",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1639"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032104",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032104"
            },
            {
              "name": "MS15-033",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:08Z",
      "publishedDate": "2015-04-14T20:59Z"
    }
  }
}

CNVD-2015-02510

Vulnerability from cnvd - Published: 2015-04-17

Title

Microsoft Outlook App for Mac跨站脚本漏洞

Description

Microsoft Office for Mac 2011是一款用于Mac系统的办公套件。 Microsoft Office for Mac 2011存在未明跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。

Severity

中

Patch Name

Microsoft Outlook App for Mac跨站脚本漏洞的补丁

Patch Description

Microsoft Office for Mac 2011是一款用于Mac系统的办公套件。Microsoft Office for Mac 2011存在未明跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://technet.microsoft.com/security/bulletin/MS15-0

Reference

http://technet.microsoft.com/security/bulletin/MS15-033 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1639

Impacted products

Name
Microsoft Office for Mac 2011

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "73991"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1639"
    }
  },
  "description": "Microsoft Office for Mac 2011\u662f\u4e00\u6b3e\u7528\u4e8eMac\u7cfb\u7edf\u7684\u529e\u516c\u5957\u4ef6\u3002\r\n\r\nMicrosoft Office for Mac 2011\u5b58\u5728\u672a\u660e\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS15-0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02510",
  "openTime": "2015-04-17",
  "patchDescription": "Microsoft Office for Mac 2011\u662f\u4e00\u6b3e\u7528\u4e8eMac\u7cfb\u7edf\u7684\u529e\u516c\u5957\u4ef6\u3002Microsoft Office for Mac 2011\u5b58\u5728\u672a\u660e\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Outlook App for Mac\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Office for Mac 2011"
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS15-033\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1639",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-15",
  "title": "Microsoft Outlook App for Mac\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2015-1639

Vulnerability from fkie_nvd - Published: 2015-04-14 20:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	secure@microsoft.com	http://www.securitytracker.com/id/1032104
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032104
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033

Impacted products

	Vendor	Product	Version
	microsoft	office	2011

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
              "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Microsoft Office for Mac 2011 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como \u0027vulnerabilidad de XSS en Microsoft Outlook App for Mac.\u0027"
    }
  ],
  "id": "CVE-2015-1639",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-14T20:59:03.343",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1032104"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HG8Q-875P-6PXX

Vulnerability from github – Published: 2022-05-14 02:29 – Updated: 2022-05-14 02:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-14T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Outlook App for Mac XSS Vulnerability.\"",
  "id": "GHSA-hg8q-875p-6pxx",
  "modified": "2022-05-14T02:29:16Z",
  "published": "2022-05-14T02:29:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1639"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032104"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1639 (GCVE-0-2015-1639)

CERTFR-2015-AVI-151

Solution

CERTFR-2015-AVI-151

Solution

GSD-2015-1639

CNVD-2015-02510

FKIE_CVE-2015-1639

GHSA-HG8Q-875P-6PXX

Tags

Sightings

Nomenclature