CVE-2015-6172

2015-12-0911:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-6172

microsoft word

office 2010

outlook

remote code execution

security vulnerability

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.212 Low

EPSS

Percentile

96.4%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka “Microsoft Office RCE Vulnerability.”

CPENameOperatorVersion
microsoft:wordmicrosoft wordeq2013
microsoft:officemicrosoft officeeq2010
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:wordmicrosoft wordeq2010
microsoft:wordmicrosoft wordeq2007

CPE	Name	Operator	Version
microsoft:word	microsoft word	eq	2013
microsoft:office	microsoft office	eq	2010
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:word	microsoft word	eq	2010
microsoft:word	microsoft word	eq	2007