CVE-2015-6124

2015-12-0911:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-6124

microsoft

word

office

memory corruption

vulnerability

remote execution

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.236 Low

EPSS

Percentile

96.5%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2010
microsoft:officemicrosoft officeeq2013
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:wordmicrosoft wordeq2007

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2010
microsoft:office	microsoft office	eq	2013
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:word	microsoft word	eq	2007