Vulnerability Details : CVE-2015-2379
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-2379
Probability of exploitation activity in the next 30 days: 16.00%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-2379
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-2379
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2379
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070
Microsoft Security Bulletin MS15-070 - Important | Microsoft Docs
-
http://www.securitytracker.com/id/1032899
Microsoft Office Multiple Flaws Let Remote Users Bypass ASLR and Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2015-2379
- cpe:2.3:a:microsoft:office:2011:*:*:*:*:mac:*:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
- cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*