Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2470Integer Underflow (Wrap or Wraparound) in Microsoft Office

CWE-1894 documents4 sources
Severity
9.3CRITICALNVD
EPSS
66.8%
top 1.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft OfficeMicrosoft Word
Timeline
PublishedAug 15
Latest updateMay 14

Description

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/office2010, 2011, 2013+2
NVDmicrosoft/word2007

🔴Vulnerability Details

2
GHSA
GHSA-3f4m-q8gg-49vr: Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remo2022-05-14
CVEList
CVE-2015-2470: Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remo2015-08-15

💥Exploits & PoCs

1
Exploit-DB
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)2015-08-21
CVE-2015-2470 — Integer Underflow (Wrap or Wraparound) | cvebase