Lucene search

K
nvd[email protected]NVD:CVE-2015-1641
HistoryApr 14, 2015 - 8:59 p.m.

CVE-2015-1641

2015-04-1420:59:05
CWE-787
web.nvd.nist.gov
12

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.89

Percentile

98.8%

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka β€œMicrosoft Office Memory Corruption Vulnerability.”

Affected configurations

Nvd
Node
microsoftofficeMatch2010sp2
OR
microsoftoffice_compatibility_packMatch-sp3
OR
microsoftoffice_web_appsMatch2010sp2
OR
microsoftoffice_web_appsMatch2013sp1
OR
microsoftoutlookMatch2011mac_os_x
OR
microsoftsharepoint_serverMatch2010sp2
OR
microsoftsharepoint_serverMatch2013sp1
OR
microsoftwordMatch2007sp3
OR
microsoftwordMatch2010sp2
OR
microsoftwordMatch2011macos
OR
microsoftwordMatch2013sp1-
OR
microsoftwordMatch2013sp1rt
VendorProductVersionCPE
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice_compatibility_pack-cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
microsoftoffice_web_apps2013cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
microsoftoutlook2011cpe:2.3:a:microsoft:outlook:2011:*:*:*:*:mac_os_x:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
microsoftword2007cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
microsoftword2010cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
microsoftword2011cpe:2.3:a:microsoft:word:2011:*:*:*:*:macos:*:*
Rows per page:
1-10 of 121

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.89

Percentile

98.8%