← Volver a CVEs

CVE-2015-2424

HIGHCISA KEV

8.8

Descripcion

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Detalles CVE

Puntuacion CVSS v3.18.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado7/14/2015

Ultima modificacion4/22/2026

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorMicrosoft

ProductoPowerPoint

Nombre vulnerabilidadMicrosoft PowerPoint Memory Corruption Vulnerability

Fecha inclusion KEV2022-03-03

Fecha limite remediacion2022-03-24

Uso en ransomwareUnknown

Productos afectados

microsoft:excel_viewermicrosoft:officemicrosoft:office_compatibility_packmicrosoft:powerpointmicrosoft:wordmicrosoft:word_viewer

Debilidades (CWE)

CWE-787CWE-787

Referencias

http://www.securitytracker.com/id/1032899(secure@microsoft.com)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070(secure@microsoft.com)

http://www.securitytracker.com/id/1032899(af854a3a-2127-422b-91ae-364da2661108)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.