← Back

CVE-2015-1641

nvd nist
Published: Apr 14, 2015Modified: Apr 22, 2026CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."

Affected (12)

Microsoft
6 products
Office
Office Compatibility Pack
Office Web Apps
Outlook
Sharepoint Server
Word
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Office
Version 2010 sp2
Office Compatibility Pack
All versions
Microsoft
Office Web Apps
Version 2010 sp2
Office Web Apps
Version 2013 sp1
Outlook
Version 2011
Microsoft
Sharepoint Server
Version 2010 sp2
Sharepoint Server
Version 2013 sp1
Microsoft
Word
Version 2007 sp3
Word
Version 2010 sp2
Word
Version 2011
Word
Version 2013 sp1
Word
Version 2013 sp1

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (7)

Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.