CVE-2015-6092

2015-11-1112:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-6092

microsoft word

remote code execution

vulnerability

microsoft office

office 2010

office 2013

word 2016

memory corruption

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.236 Low

EPSS

Percentile

96.5%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:wordmicrosoft wordeq2013
microsoft:wordmicrosoft wordeq2016
microsoft:officemicrosoft officeeq2010
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:wordmicrosoft wordeq2010
microsoft:word_viewermicrosoft word viewereq*
microsoft:wordmicrosoft wordeq2007

CPE	Name	Operator	Version
microsoft:word	microsoft word	eq	2013
microsoft:word	microsoft word	eq	2016
microsoft:office	microsoft office	eq	2010
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:word	microsoft word	eq	2010
microsoft:word_viewer	microsoft word viewer	eq	*
microsoft:word	microsoft word	eq	2007