CVE-2015-6093
Microsoft Office Word TTF Size Miscalculation Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services en SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability'.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of name tables in an embedded TTF file. Incorrect processing of a size value can cause Word to copy too much data and corrupt memory. An attacker could leverage this vulnerability to execute arbitrary code in the context of the process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-08-14 CVE Reserved
- 2015-11-10 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/77491 | Vdb Entry | |
| http://www.securitytracker.com/id/1034118 | Vdb Entry | |
| http://www.securitytracker.com/id/1034122 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-539 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2010 Search vendor "Microsoft" for product "Office" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2013 Search vendor "Microsoft" for product "Office" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2016 Search vendor "Microsoft" for product "Office" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Web Apps Search vendor "Microsoft" for product "Office Web Apps" | 2010 Search vendor "Microsoft" for product "Office Web Apps" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Web Apps Server Search vendor "Microsoft" for product "Office Web Apps Server" | 2013 Search vendor "Microsoft" for product "Office Web Apps Server" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2010 Search vendor "Microsoft" for product "Sharepoint Server" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2013 Search vendor "Microsoft" for product "Sharepoint Server" and version "2013" | sp1 |
Affected
| ||||||