Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0064

CWE-3995 documents5 sources

Severity

9.3CRITICAL

EPSS

71.2%

top 1.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Office Microsoft Sharepoint Server Microsoft WEB Applications +1 more

Timeline

PublishedFeb 11

Latest updateMay 14

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/word2007, 2010+1

▶NVDmicrosoft/office2010

▶NVDmicrosoft/sharepoint_server2010

▶NVDmicrosoft/web_applications2010

🔴Vulnerability Details

GHSA

GHSA-mhfm-wr84-w85g: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, a↗2022-05-14

▶

CVEList

CVE-2015-0064: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, a↗2015-02-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2007 - Malformed Document Stack Buffer Overflow↗2015-08-25

▶

💬Community

Bugzilla

CVE-2015-7853 ntp: reference clock memory corruption vulnerability↗2015-10-22

▶