9.3

CVE-2015-2424

Warning

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftExcel Viewer Version2007 Updatesp3
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2011 SwPlatformmacos
MicrosoftOffice Version2013 Updatesp1 SwEdition-
MicrosoftOffice Version2013 Updatesp1 SwEditionrt
MicrosoftOffice Compatibility Pack Version- Updatesp3
MicrosoftPowerpoint Version2007 Updatesp3
MicrosoftPowerpoint Version2010 Updatesp2
MicrosoftWord Version2013 Updatesp1
MicrosoftWord Viewer Version-

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft PowerPoint Memory Corruption Vulnerability

Vulnerability

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 76.61% 0.989
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1032899
Third Party Advisory
Broken Link
VDB Entry