CVE-2015-0064

Microsoft Web Applications - Resource Management Error

Title source: rule

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/37967

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://secunia.com/advisories/62808

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031720

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/72463

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/37967/

Scores

EPSS 0.7122

EPSS Percentile 98.7%

Details

CWE

CWE-399

Status published

Products (8)

microsoft/office 2010 sp2 (2 CPE variants)

microsoft/office_compatibility_pack

microsoft/sharepoint_server 2010

microsoft/web_applications 2010 sp2

microsoft/word 2007 sp3

microsoft/word 2010 sp2

microsoft/word_automation_services

microsoft/word_viewer

Published Feb 11, 2015

Tracked Since Feb 18, 2026