CVE-2015-0086

2015-03-1110:59:13

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.771

Percentile

98.2%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

microsoftoffice_compatibility_packsp3

microsoftoffice_web_apps_serverMatch2013gold

microsoftoffice_web_apps_serverMatch2013sp1

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013--gold

microsoftsharepoint_serverMatch2013sp1

microsoftweb_applicationsMatch2010sp2

microsoftwordMatch2007sp3

microsoftwordMatch2010sp2

microsoftwordMatch2013rt_gold

microsoftwordMatch2013sp1

microsoftword_viewer

VendorProductVersionCPE
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
microsoftoffice_web_apps_server2013cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:gold:*:*:*
microsoftoffice_web_apps_server2013cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
microsoftweb_applications2010cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*
microsoftword2007cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:::::x64:*
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:::::x86:*
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
microsoft	office_web_apps_server	2013	cpe:2.3:a:microsoft:office_web_apps_server:2013::::gold:::
microsoft	office_web_apps_server	2013	cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1::::::
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
microsoft	sharepoint_server	2013	cpe:2.3:a:microsoft:sharepoint_server:2013:-:-::gold:::
microsoft	sharepoint_server	2013	cpe:2.3:a:microsoft:sharepoint_server:2013:sp1::::::
microsoft	web_applications	2010	cpe:2.3:a:microsoft:web_applications:2010:sp2::::::
microsoft	word	2007	cpe:2.3:a:microsoft:word:2007:sp3::::::