cbcvebase.
CVE-2015-1642
published 2015-08-15

CVE-2015-1642: Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory…

PriorityP180high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-03-24
Exploited in the wild
EPSS
53.21%
98.8th percentile
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftoffice
microsoftoffice
microsoftoffice

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2015-1642 was confirmed actively exploited in the wild at time of patch release (August 2015 Patch Tuesday); prioritize detection of exploitation attempts against Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 via crafted documents
  • The vulnerability may be triggered automatically through the Outlook email preview pane without requiring the user to explicitly open a document — monitor for Office/Outlook process anomalies on email preview
  • CVE-2015-1642 is listed in CISA KEV; treat any unpatched Microsoft Office 2007/2010/2013 instance processing external documents as high-risk and monitor for memory corruption indicators (unexpected child processes spawned from WINWORD.EXE, EXCEL.EXE, OUTLOOK.EXE, POWERPNT.EXE)
  • ·No specific file hashes, malicious domains, IPs, or exploit samples were published in the available sources; detection must rely on behavioral/heuristic indicators and patch-state verification

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.