Vulnerability Details : CVE-2015-2470
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2015-2470
- cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:office:2011:*:*:*:mac:*:*:*
- cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2470
58.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2470
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-2470
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2470
-
https://www.exploit-db.com/exploits/37924/
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081
Microsoft Security Bulletin MS15-081 - Critical | Microsoft Docs
-
http://www.securitytracker.com/id/1033239
Microsoft Office Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
Jump to