CVE-2015-1642
published 2015-08-15CVE-2015-1642: Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory…
PriorityP180high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-03-24
Exploited in the wild
EPSS
53.21%
98.8th percentile
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2015-1642 was confirmed actively exploited in the wild at time of patch release (August 2015 Patch Tuesday); prioritize detection of exploitation attempts against Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 via crafted documents ↗
- →The vulnerability may be triggered automatically through the Outlook email preview pane without requiring the user to explicitly open a document — monitor for Office/Outlook process anomalies on email preview ↗
- →CVE-2015-1642 is listed in CISA KEV; treat any unpatched Microsoft Office 2007/2010/2013 instance processing external documents as high-risk and monitor for memory corruption indicators (unexpected child processes spawned from WINWORD.EXE, EXCEL.EXE, OUTLOOK.EXE, POWERPNT.EXE) ↗
- ·No specific file hashes, malicious domains, IPs, or exploit samples were published in the available sources; detection must rely on behavioral/heuristic indicators and patch-state verification ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Office up to Word Viewer memory corruption (MS15-081 / Nessus ID 85350)
vuldb·2026-04-22·CVSS 7.8
CVE-2015-1642 [HIGH] Microsoft Office up to Word Viewer memory corruption (MS15-081 / Nessus ID 85350)
A vulnerability classified as critical was found in Microsoft Office. This impacts an unknown function. Such manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2015-1642. The attack can be launched remotely. Moreover, an exploit is present.
A patch should be applied to remediate this issue.
GHSA
GHSA-f9w6-fcw4-8qmv: Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memo
ghsa_unreviewed·2022-05-14
CVE-2015-1642 [HIGH] CWE-119 GHSA-f9w6-fcw4-8qmv: Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memo
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
VulnCheck
Microsoft Office Memory Corruption Vulnerability
vulncheck·2015·CVSS 7.8
CVE-2015-1642 [HIGH] CWE-119 Microsoft Office Memory Corruption Vulnerability
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
Affected: Microsoft Office
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.logpoint.com/wp-content/uploads/2024/06/logpoint-etpr-forest-blizzard.pdf
Remediation Due: 2022-03-24
CISA
Microsoft Office Memory Corruption Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2015-1642 [HIGH] CWE-119 Microsoft Office Memory Corruption Vulnerability
Vulnerability: Microsoft Office Memory Corruption Vulnerability
Affected: Microsoft Office
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-1642
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
Krebs
Adobe, MS Push Patches, Oracle Drops Drama
blogs_krebs·2015-08-11
Adobe, MS Push Patches, Oracle Drops Drama
Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle‘s chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down.
Adobe’s latest patch for Flash (it has issued more than a dozen this year alone) fixes at least 34 separate security vulnerabilities in Flash and Adobe AIR. Mercifully, Adobe said this time around it is not aware of malicious hackers actively exploiting any of the flaws addressed in this release.
Adobe recommends users of Adobe Flash Player
Qualys
Patch Tuesday August 2015 | Qualys
blogs_qualys·2015-08-11·CVSS 7.8
[HIGH] Patch Tuesday August 2015 | Qualys
It is Windows 10 first Patch Tuesday and 40% of the August bulletins for generic Windows apply to the newest version of the operating system: Windows 10. In addition there is an exclusive bulletin for the new browser Microsoft Edge, the leaner and faster replacement for Internet Explorer that addresses three critical vulnerabilities. Windows 10 fares a bit better than WIndows 8, which had 60% in its first two months, where three out of five bulletins were applicable. From a security perspective Windows 10 brings much improvement and we are curious to see how the acceptance of Windows 10 will play out, especially comparing the enterprise side and consumer side. On the Enterprise level we think the Virtual Secure Mode that takes credential hashes out of the Windows kernel the biggest advance
Qualys
Patch Tuesday August 2015 | Qualys
blogs_qualys·2015-08-11·CVSS 7.8
[HIGH] Patch Tuesday August 2015 | Qualys
It is Windows 10 first Patch Tuesday and 40% of the August bulletins for generic Windows apply to the newest version of the operating system: Windows 10. In addition there is an exclusive bulletin for the new browser Microsoft Edge, the leaner and faster replacement for Internet Explorer that addresses three critical vulnerabilities. Windows 10 fares a bit better than WIndows 8, which had 60% in its first two months, where three out of five bulletins were applicable. From a security perspective Windows 10 brings much improvement and we are curious to see how the acceptance of Windows 10 will play out, especially comparing the enterprise side and consumer side. On the Enterprise level we think the Virtual Secure Mode that takes credential hashes out of the Windows kernel the biggest advance
Krebs
Adobe, MS Push Patches, Oracle Drops Drama – Krebs on Security
blogs_krebs·2015-08-01
Adobe, MS Push Patches, Oracle Drops Drama – Krebs on Security
Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle ‘s chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down.
Adobe’s latest patch for Flash (it has issued more than a dozen this year alone) fixes at least 34 separate security vulnerabilities in Flash and Adobe AIR. Mercifully, Adobe said this time around it is not aware of malicious hackers actively exploiting any of the flaws addressed in this release.
Adobe recommends users of Adobe Flash Playe
http://www.securitytracker.com/id/1033239https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1203http://www.securitytracker.com/id/1033239https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1203https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1642
2015-08-15
Published
2022-03-03
Added to CISA KEV
Exploited in the wild