CVE-2015-1641

HIGH KEV RANSOMWARE

Microsoft Office <2013 - RCE

Title source: llm

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

nomisec WORKING POC 23 stars

by Cyberclues · poc

https://github.com/Cyberclues/rtf_exploit_extractor

View Code ZIP pw:eip

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73995

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032104

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1641

Scores

CVSS v3 7.8

EPSS 0.9362

EPSS Percentile 99.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2015-04-14

InTheWild.io 2015-04-14

ENISA EUVD EUVD-2015-1771

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (11)

microsoft/office 2010 sp2

microsoft/office_compatibility_pack

microsoft/office_web_apps 2010 sp2

microsoft/office_web_apps 2013 sp1

microsoft/outlook 2011

microsoft/sharepoint_server 2010 sp2

microsoft/sharepoint_server 2013 sp1

microsoft/word 2007 sp3

microsoft/word 2010 sp2

microsoft/word 2011

... and 1 more

Published Apr 14, 2015

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026