⚠ Actively exploited

Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2015-2424

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow6 documents6 sources

Severity

8.8HIGH

EPSS

76.5%

top 1.06%

CISA KEV

KEV

Added 2022-03-03

Due 2022-03-24

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Excel Viewer Microsoft Office Microsoft Powerpoint +1 more

Timeline

PublishedJul 14

KEV addedMar 3

KEV dueMar 24

Latest updateMay 14

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmicrosoft/powerpoint2007, 2010+1

▶NVDmicrosoft/word2013

▶NVDmicrosoft/office4 versions+3

▶NVDmicrosoft/excel_viewer2007

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rvvj-j63r-j9x4: Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow↗2022-05-14

▶

CVEList

CVE-2015-2424: Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow↗2015-07-14

▶

VulnCheck

Microsoft PowerPoint Memory Corruption Vulnerability↗2015

▶

🔍Detection Rules

Suricata

ET MALWARE Possible CVE-2015-2424 RTF Dropping Sofacy↗2015-07-17

▶

📋Vendor Advisories

CISA

Microsoft PowerPoint Memory Corruption Vulnerability↗2022-03-03

▶