CVE-2015-2469
Published 2015-08-15
Priority P266 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 26.86% (97.8th percentile)
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
Detection & IOCs (extracted from sources)
- Crash occurs in wwlib!FMain+0x67086 when eax (derived from the 3rd argument at 0x312ab5e7) points to a heap allocation of size 0xa8 and offsets +0xAC, +0xB0, +0xB4, +0xB8 are pushed, exceeding the allocated size and triggering an out-of-bounds read/write. Monitor for access violations in wwlib.dll at these offsets.
- The exploitable memory write primitive resides at wwlib!FMain+0x66d93 (0x312ab34a); instructions at 0x312ab356 and 0x312ab358 perform sub/add on attacker-influenced memory. Flag execution reaching these addresses from a Word document parsing context.
- The vulnerability is triggered via malformed PAPXFKP structures in a .doc (Word Binary Format) file. Specifically, three deltas at file offsets 0x2404, 0x4041, and 0x8057 within stPapxFKPs[23] corrupt the rgfc and bOffset fields. Inspect .doc files for anomalous PAPXFKP rgfc/bOffset values.
- Root cause is assessed as a type confusion vulnerability in wwlib.dll during parsing of Word Binary Document PAPXFKP structures, leading to an out-of-bounds heap read and subsequent memory corruption write. Alert on type confusion patterns in wwlib.dll call stacks involving FMain+0xd6e80 through FMain+0x67086.
- Crash and exploitability were confirmed only with the Microsoft Office File Validation Add-In disabled and Application Verifier (pageheap) enabled. Without pageheap, the out-of-bounds access may not immediately fault, potentially allowing silent memory corruption.
- The bug also reproduces on Office 2010 on Windows 7 x86, so detection rules should cover both Office 2007 (wwlib.dll 12.0.6720.5000) and Office 2010 SP2 targets.
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_apache · 9.8
GHSA
GHSA-cpv6-gp82-2m5h
ghsa_unreviewed · 2022-05-14
CVE-2015-2469 [HIGH] CWE-119
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Apache
Apache nifi: CVE-2018-1310
vendor_apache · CVSS 9.8
- Title: Potential Denial of Service in JMS Processors
- Published: 2018-04-08
- Severity: Medium
- Products: Apache NiFi
- Affected Versions: 0.1.0 to 1.5.0
- Fixed Versions: 1.6.0
- Reporter: 圆珠笔
- References: CVE Record: CVE-2018-1310; NVD Record: CVE-2018-1310; Apache Jira Issue: NIFI-4870; GitHub Pull Request: 2469

Malicious JMS content could cause denial of service in impacted Processors. See ActiveMQ CVE-2015-5254 announcement for more information. NiFi 1.6.0 upgrades the activemq-client library to 5.15.3. Users running a prior release should upgrade to 1.6.0.
Severity: moderate
No detection rules found.
No writeups or analysis indexed.
- http://www.securitytracker.com/id/1033239
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081
- https://www.exploit-db.com/exploits/37910/
Published: 2015-08-15