Vulnerability Details CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.934
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Proposed Action
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/73995
- http://www.securitytracker.com/id/1032104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033
- http://www.securityfocus.com/bid/73995
- http://www.securitytracker.com/id/1032104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033
Products affected by CVE-2015-1641
-
cpe:2.3:a:microsoft:office:2010
-
cpe:2.3:a:microsoft:office_compatibility_pack:-
-
cpe:2.3:a:microsoft:office_web_apps:2010
-
cpe:2.3:a:microsoft:office_web_apps:2013
-
cpe:2.3:a:microsoft:outlook:2011
-
cpe:2.3:a:microsoft:sharepoint_server:2010
-
cpe:2.3:a:microsoft:sharepoint_server:2013
-
cpe:2.3:a:microsoft:word:2007
-
cpe:2.3:a:microsoft:word:2010
-
cpe:2.3:a:microsoft:word:2011
-
cpe:2.3:a:microsoft:word:2013