CVE-2015-2470
Microsoft Office 2007-2013 & Word Viewer RCE via Crafted Document
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-2470. PoCs published by Google Security Research.
AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in Microsoft Office 2007/2010 due to improper pointer handling in MSPTLS!LssbFIsSublineEmpty, leading to a crash when processing a malformed DOC file. The PoC includes fuzzed files that trigger the issue by manipulating heap memory structures.
Description
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."
Exploits (1)
This exploit demonstrates a memory corruption vulnerability in Microsoft Office 2007/2010 due to improper pointer handling in MSPTLS!LssbFIsSublineEmpty, leading to a crash when processing a malformed DOC file. The PoC includes fuzzed files that trigger the issue by manipulating heap memory structures.