CVE-2015-2424

HIGH KEV

Microsoft Excel Viewer - Out-of-Bounds Write

Title source: rule

Description

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

References (3)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032899

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424

Scores

CVSS v3 8.8

EPSS 0.6448

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03

VulnCheck KEV 2015-06-30

InTheWild.io 2015-06-30

ENISA EUVD EUVD-2015-2517

CWE

CWE-787

Status published

Products (10)

microsoft/excel_viewer 2007 sp3

microsoft/office 2007 sp3

microsoft/office 2010 sp2

microsoft/office 2011

microsoft/office 2013 sp1 (2 CPE variants)

microsoft/office_compatibility_pack

microsoft/powerpoint 2007 sp3

microsoft/powerpoint 2010 sp2

microsoft/word 2013 sp1

microsoft/word_viewer

Published Jul 14, 2015

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026