9.3

CVE-2015-2424

Warnung

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExcel Viewer Version2007 Updatesp3
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2011 SwPlatformmacos
MicrosoftOffice Version2013 Updatesp1 SwEdition-
MicrosoftOffice Version2013 Updatesp1 SwEditionrt
MicrosoftOffice Compatibility Pack Version- Updatesp3
MicrosoftPowerpoint Version2007 Updatesp3
MicrosoftPowerpoint Version2010 Updatesp2
MicrosoftWord Version2013 Updatesp1
MicrosoftWord Viewer Version-

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft PowerPoint Memory Corruption Vulnerability

Schwachstelle

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 76.61% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1032899
Third Party Advisory
Broken Link
VDB Entry