CVE-2015-1641

2015-04-1420:59:00

CWE-399

[email protected]

web.nvd.nist.gov

1032

In Wild

cve-2015-1641

microsoft word

office 2010

office 2013

word for mac

memory corruption

vulnerability

nvd

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.4%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:wordmicrosoft wordeq2013
microsoft:wordmicrosoft wordeq2011
microsoft:office_web_appsmicrosoft office web appseq2013
microsoft:officemicrosoft officeeq2010
microsoft:office_web_appsmicrosoft office web appseq2010
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:sharepoint_servermicrosoft sharepoint servereq2013
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:wordmicrosoft wordeq2010
microsoft:wordmicrosoft wordeq2007

CPE	Name	Operator	Version
microsoft:word	microsoft word	eq	2013
microsoft:word	microsoft word	eq	2011
microsoft:office_web_apps	microsoft office web apps	eq	2013
microsoft:office	microsoft office	eq	2010
microsoft:office_web_apps	microsoft office web apps	eq	2010
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:sharepoint_server	microsoft sharepoint server	eq	2013
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:word	microsoft word	eq	2010
microsoft:word	microsoft word	eq	2007