← Retour aux CVEs

CVE-2015-2424

HIGHCISA KEV

8.8

Description

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie7/14/2015

Derniere modification4/22/2026

Sourcekev

Observations honeypot0

CISA KEV

FournisseurMicrosoft

ProduitPowerPoint

Nom vulnerabiliteMicrosoft PowerPoint Memory Corruption Vulnerability

Date ajout KEV2022-03-03

Date limite remediation2022-03-24

Utilise dans ransomwareUnknown

Produits affectes

microsoft:excel_viewermicrosoft:officemicrosoft:office_compatibility_packmicrosoft:powerpointmicrosoft:wordmicrosoft:word_viewer

Faiblesses (CWE)

CWE-787CWE-787

References

http://www.securitytracker.com/id/1032899(secure@microsoft.com)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070(secure@microsoft.com)

http://www.securitytracker.com/id/1032899(af854a3a-2127-422b-91ae-364da2661108)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.