cbcvebase.
CVE-2015-2466
published 2015-08-15

CVE-2015-2466: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office…

PriorityP357critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
17.20%
96.7th percentile
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability."

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftoffice
microsoftoffice
microsoftoffice

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2015-2466 may be triggerable via the Outlook e-mail preview pane without explicit user interaction, enabling automatic RCE — monitor for Office process spawning unexpected child processes when rendering email previews
  • Attack vector is a crafted Office template file — inspect incoming Office documents/templates (e.g., .dotx, .dotm) for anomalous structure or unexpected macro content
  • Prioritize patching under MS15-081 for Microsoft Office 2007, 2010, and 2013 installations; CVE-2015-1642 in the same bulletin is confirmed exploited in the wild, indicating active threat actor interest in this bulletin's attack surface
  • ·Affected versions are specifically Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 — detections should be scoped to these versions only
  • ·The critical rating (unusual for Office) is attributed to the possibility of automatic triggering via Outlook preview pane — environments where Outlook preview is disabled may have reduced exposure
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.