9.3
CVSSv2

CVE-2015-2424

Published: 14/07/2015 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftPowerpoint2007, 2010, 2013
MicrosoftWord2007, 2010, 2013

Recent Articles

Office, Java Patches Erase Latest APT 28 Zero Days
Threatpost • Michael Mimoso • 16 Jul 2015

An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months.
Given the underground value of unpatched and unreported vulnerabilities, this is highly unusual behavior, even for a state-sponsored cyberespionage team.
Nonetheless, APT 28, also known by other nicknames such as Tsar Team, Operation Pawn Storm, and Sednit, has been a busy gang targeting government agencies and...

Microsoft Security Updates July 2015
Securelist • Kurt Baumgartner • 14 Jul 2015

Microsoft releases a long list of updates to multiple technologies today with 14 Security Bulletins (MS15-058, MS15-065 – MS15-077) patching 58 vulnerabilities, and at least 47 of them reported through a a responsible disclosure channel. Meanwhile, several are being used and detected ITW as a part of limited targeted attacks, like the Microsoft Office RCE cve-2015-2424, ATMFD.DLL EoP cve-2015-2387, and the Internet Explorer JScript9 RCE cve-2015-2419. Some were the result of breach leaks as ...