CVE-2015-2469

Microsoft Office and Word - Remote Code Execution via Crafted Document

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2469. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Microsoft Office 2007/2010, where out-of-bounds memory access occurs due to incorrect handling of Word binary document structures. The PoC demonstrates a crash with potential for arbitrary code execution via controlled memory grooming.

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/37910

This exploit targets a memory corruption vulnerability in Microsoft Office 2007/2010, where out-of-bounds memory access occurs due to incorrect handling of Word binary document structures. The PoC demonstrates a crash with potential for arbitrary code execution via controlled memory grooming.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: Microsoft Office 2007/2010 (wwlib.dll 12.0.6720.5000, mso.dll 12.0.6721.5000)
No auth needed
Prerequisites: Microsoft Office File Validation Add-In disabled · Target opens malicious .doc file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37910/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033239

Scores

EPSS 0.2686
EPSS Percentile 97.8%

Details

CWE
CWE-119
Status published
Products (4)
microsoft/office 2010 sp2 (2 CPE variants)
microsoft/office 2011
microsoft/word 2007 sp3
microsoft/word 2010 sp2
Published Aug 15, 2015
Tracked Since Feb 18, 2026