← Back

CVE-2015-2424

nvd nist
Published: Jul 14, 2015Modified: Apr 22, 2026CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Affected (11)

Microsoft
6 products
Excel Viewer
Office
Office Compatibility Pack
Powerpoint
Word
Word Viewer
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Excel Viewer
Version 2007 sp3
Microsoft
Office
Version 2007 sp3
Office
Version 2010 sp2
Office
Version 2011
Office
Version 2013 sp1
Office
Version 2013 sp1
Office Compatibility Pack
All versions
Microsoft
Powerpoint
Version 2007 sp3
Powerpoint
Version 2010 sp2
Word
Version 2013 sp1
Word Viewer
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.