CVE-2015-1770 | Microsoft Office - Office Core Operational Intel

Executive Risk Summary

"A remote code execution vulnerability exists in Microsoft Office due to the improper handling of uninitialized memory. This vulnerability can be exploited by an attacker to execute arbitrary code via a crafted Office document."

Anticipated Attack Path

1. Phishing or social engineering to deliver a crafted Office document
2. User opens the malicious document, triggering the vulnerability
3. Arbitrary code execution on the victim's system

Am I Vulnerable?

Verify the version of Microsoft Office installed
Check for the presence of the vulnerability using a vulnerability scanner
Apply the patch from MS15-059 to remediate the vulnerability

Operational Audit Arsenal

Target Type Process

Target Asset winword.exe

Standard Path C:\Program Files\Microsoft Office\root\Office16

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: winword.exe (Process)
$Targets = 'winword.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}