CVE-2015-2545
HIGH KEVMicrosoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 - Remote Code Execution via Crafted EPS Image
Title source: llmExploitation Summary
CVE-2015-2545 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.
Description
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033488
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099
Exploit, Third Party Advisory x_refsource_misc
http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2545
Scores
CVSS v3
7.8
EPSS
0.9323
EPSS Percentile
99.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-03-03
VulnCheck KEV
2015-09-08
InTheWild.io
2015-09-08
ENISA EUVD
EUVD-2015-2638
Status
published
Products (4)
microsoft/office
2007 sp3
microsoft/office
2010 sp2
microsoft/office
2013 sp1 (2 CPE variants)
microsoft/office
2016
Published
Sep 09, 2015
KEV Added
Mar 03, 2022
Tracked Since
Feb 18, 2026