CVE-2015-2466 — Improper Input Validation in Microsoft Office

CWE-20 — Improper Input Validation6 documents4 sources

Severity

9.3CRITICALNVD

EPSS

39.1%

top 2.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

1

Microsoft Office

Timeline

PublishedAug 15

Latest updateMay 14

Description

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/office2007, 2010, 2013+2

🔴Vulnerability Details

1

GHSA

GHSA-6h65-h5f5-6qm7: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsof↗2022-05-14

▶

🕵️Threat Intelligence

4

Talos

Microsoft Patch Tuesday - August 2015↗2015-08-11

▶

Qualys

Patch Tuesday August 2015 | Qualys↗2015-08-11

▶

Talos

Microsoft Patch Tuesday - August 2015↗2015-08-11

▶

Qualys

Patch Tuesday August 2015 | Qualys↗2015-08-11

▶

CVE-2015-2466 — Improper Input Validation in Microsoft | cvebase