Vulnerability Details : CVE-2015-2470
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2015-2470
Probability of exploitation activity in the next 30 days: 53.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-2470
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-2470
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2470
-
https://www.exploit-db.com/exploits/37924/
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081
Microsoft Security Bulletin MS15-081 - Critical | Microsoft Docs
-
http://www.securitytracker.com/id/1033239
Microsoft Office Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
Products affected by CVE-2015-2470
- cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:office:2011:*:*:*:mac:*:*:*
- cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*