← Voltar para CVEs

CVE-2015-2424

HIGHCISA KEV

8.8

Descricao

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado7/14/2015

Ultima modificacao4/22/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft

ProdutoPowerPoint

Nome da vulnerabilidadeMicrosoft PowerPoint Memory Corruption Vulnerability

Data inclusao KEV2022-03-03

Prazo de remediacao2022-03-24

Uso em ransomwareUnknown

Produtos afetados

microsoft:excel_viewermicrosoft:officemicrosoft:office_compatibility_packmicrosoft:powerpointmicrosoft:wordmicrosoft:word_viewer

Fraquezas (CWE)

CWE-787CWE-787

Referencias

http://www.securitytracker.com/id/1032899(secure@microsoft.com)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070(secure@microsoft.com)

http://www.securitytracker.com/id/1032899(af854a3a-2127-422b-91ae-364da2661108)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.