V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2015-2468
CVE
CriticalConfirmedExploit available

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office …

CVSS
9.3
Critical
EPSS
0.43
p98
Published
2015-01-01
Updated
2015-01-01
Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Tags · CWE
RCE
CWE-119
CAPEC-8
CAPEC-9
CAPEC-10
CAPEC-14
CAPEC-24
CAPEC-42
CAPEC-44
CAPEC-45
CAPEC-46
CAPEC-47
CAPEC-100
CAPEC-123
Affected products
OfficeOffice_compatibility_packSharepoint_serverWordWord_viewerWord_web_appsWord_web_apps_server
CVSS vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Timeline
2015-01-01
Published
2015-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: C
Complete
Integrity Impact
I: C
Complete
Availability Impact
A: C
Complete
Exploit indicators
EPSS
0.434 · p98
Known exploited (KEV)
No
Known exploits — Сканер-ВС
37912
exploitdb · https://www.exploit-db.com/exploits/37912
Enterprise
Affected products
Microsoft
OfficeSharepoint ServerWordOffice Compatibility PackWord ViewerWord Web AppsWord Web Apps Server
ProductVendorStatus
office*Tracked
office_compatibility_pack*Tracked
sharepoint_server*Tracked
word*Tracked
word_viewer*Tracked
word_web_apps*Tracked
word_web_apps_server*Tracked
Source databases
CVE