CVE-2015-1682
Microsoft Word ptCount Element Uninitialized Memory Read Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, Excel Services on SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, y SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Microsoft Office.'
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of embedded charts. By providing a malformed .docx file with an invalid "ptCount" node, an attacker can force uninitialized memory to be read. This allows for the execution of arbitrary code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-17 CVE Reserved
- 2015-05-12 CVE Published
- 2024-06-06 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/74481 | Vdb Entry | |
| http://www.securitytracker.com/id/1032295 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2010 Search vendor "Microsoft" for product "Excel" and version "2010" | sp2, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2010 Search vendor "Microsoft" for product "Excel" and version "2010" | sp2, x86 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2013 Search vendor "Microsoft" for product "Excel" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Web App Search vendor "Microsoft" for product "Excel Web App" | 2010 Search vendor "Microsoft" for product "Excel Web App" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2010 Search vendor "Microsoft" for product "Office" and version "2010" | sp2, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2010 Search vendor "Microsoft" for product "Office" and version "2010" | sp2, x86 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2011 Search vendor "Microsoft" for product "Office" and version "2011" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2013 Search vendor "Microsoft" for product "Office" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2013 Search vendor "Microsoft" for product "Office" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Web Apps Server Search vendor "Microsoft" for product "Office Web Apps Server" | 2010 Search vendor "Microsoft" for product "Office Web Apps Server" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Web Apps Server Search vendor "Microsoft" for product "Office Web Apps Server" | 2013 Search vendor "Microsoft" for product "Office Web Apps Server" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2010 Search vendor "Microsoft" for product "Powerpoint" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2011 Search vendor "Microsoft" for product "Powerpoint" and version "2011" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2013 Search vendor "Microsoft" for product "Powerpoint" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2013 Search vendor "Microsoft" for product "Powerpoint" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Viewer Search vendor "Microsoft" for product "Powerpoint Viewer" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Foundation Search vendor "Microsoft" for product "Sharepoint Foundation" | 2010 Search vendor "Microsoft" for product "Sharepoint Foundation" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Foundation Search vendor "Microsoft" for product "Sharepoint Foundation" | 2013 Search vendor "Microsoft" for product "Sharepoint Foundation" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2010 Search vendor "Microsoft" for product "Sharepoint Server" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2013 Search vendor "Microsoft" for product "Sharepoint Server" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2010 Search vendor "Microsoft" for product "Word" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2011 Search vendor "Microsoft" for product "Word" and version "2011" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2013 Search vendor "Microsoft" for product "Word" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2013 Search vendor "Microsoft" for product "Word" and version "2013" | sp1, rt |
Affected
| ||||||