CVE-2015-1642

HIGH KEV

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 - Remote Code Execution via Crafted Document

Title source: llm

Exploitation Summary

CVE-2015-1642 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.

Description

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

References (4)

Core 4

Core References

Broken Link, Third Party Advisory, VDB Entry third-party-advisory x_refsource_idefense

https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1203

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033239

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1642

Scores

CVSS v3 7.8

EPSS 0.7288

EPSS Percentile 98.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-03

VulnCheck KEV 2015-02-27

InTheWild.io 2015-02-27

ENISA EUVD EUVD-2015-1772

CWE

CWE-787

Status published

Products (3)

microsoft/office 2007 sp3

microsoft/office 2010 sp2

microsoft/office 2013 sp1

Published Aug 15, 2015

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026