CVE-2015-2424

Microsoft PowerPoint Memory Corruption Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1 y PowerPoint 2013 RT SP1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicios mediante un documento Office manipulado, también conocida como 'Vulnerabilidad de corrupción de Memoria en Microsoft Office'.

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-03-19 CVE Reserved
2015-07-14 CVE Published
2022-03-03 Exploited in Wild
2022-03-24 KEV Due Date
2024-07-17 EPSS Updated
2024-08-06 CVE Updated
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (2)

URL	Tag	Source
http://www.securitytracker.com/id/1032899	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Word Search vendor "Microsoft" for product "Word"				2007 Search vendor "Microsoft" for product "Word" and version "2007"		sp3		Affected
Microsoft Search vendor "Microsoft"		Word Search vendor "Microsoft" for product "Word"				2010 Search vendor "Microsoft" for product "Word" and version "2010"		sp2, x64		Affected
Microsoft Search vendor "Microsoft"		Word Search vendor "Microsoft" for product "Word"				2010 Search vendor "Microsoft" for product "Word" and version "2010"		sp2, x86		Affected
Microsoft Search vendor "Microsoft"		Word Search vendor "Microsoft" for product "Word"				2013 Search vendor "Microsoft" for product "Word" and version "2013"		sp1		Affected
Microsoft Search vendor "Microsoft"		Powerpoint Search vendor "Microsoft" for product "Powerpoint"				2007 Search vendor "Microsoft" for product "Powerpoint" and version "2007"		sp3		Affected
Microsoft Search vendor "Microsoft"		Powerpoint Search vendor "Microsoft" for product "Powerpoint"				2010 Search vendor "Microsoft" for product "Powerpoint" and version "2010"		sp2		Affected
Microsoft Search vendor "Microsoft"		Powerpoint Search vendor "Microsoft" for product "Powerpoint"				2013 Search vendor "Microsoft" for product "Powerpoint" and version "2013"		sp1		Affected
Microsoft Search vendor "Microsoft"		Powerpoint Search vendor "Microsoft" for product "Powerpoint"				2013 Search vendor "Microsoft" for product "Powerpoint" and version "2013"		sp1, rt		Affected