CVE-2015-2470
published 2015-08-15CVE-2015-2470: Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote…
PriorityP266critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
26.86%
97.8th percentile
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | word | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Crash occurs in MSPTLS!LssbFIsSublineEmpty+0xa327 at instruction `mov edx,dword ptr [esi+70h]` due to integer underflow causing a negative index in EDI, resulting in out-of-bounds memory access. Monitor for crashes or AV hits in msptls.dll at this offset. ↗
- →The triggering byte delta is a 1-bit change at file offset 0xA9B0 in the crafted .doc file. Inspect suspicious .doc files for anomalies at this offset. ↗
- →ESI register holds application verifier heap canary value 0xabcdbbbb at crash time, indicating heap corruption via out-of-bounds pointer dereference in MSPTLS. Presence of this canary in crash dumps is a strong indicator of exploitation attempt. ↗
- →Vulnerable DLL versions: wwlib.dll 12.0.6720.5000 and msptls.dll 12.0.6682.5000 (Office 2007). Flag processes loading these specific DLL versions opening .doc files. ↗
- →The vulnerability is triggered via a crafted .doc file delivered to Microsoft Office (WINWORD.EXE). Monitor WINWORD.EXE for abnormal child process spawning or memory access violations in msptls.dll after opening .doc files. ↗
- ·Crash was observed with Microsoft Office File Validation Add-In disabled; enabling the add-in may prevent exploitation or alter crash behavior. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Talos
Microsoft Patch Tuesday - August 2015
blogs_talos·2015-08-11·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - August 2015
Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins released which address 58 CVEs. Four bulletins are rated "Critical" this month and address vulnerabilities in Internet Explorer, Graphics Component, Office, and Edge. The other ten bulletins are rated "Important" and address vulnerabilities within Remote Desktop Protocol (RDP), Server Message Block (SMB), XML Core Services, Mount Manager, System Center Operations Manager, UDDI Services, Command Line, WebDAV, Windows, and the .NET Framework.
### Bulletins Rated CriticalMS15-079, MS15-080, MS15-081, and MS15-091 are rated "Critical".
MS15-079 is this month's Internet Explorer security bulletin. Thirteen CVEs wer
Talos
Microsoft Patch Tuesday - August 2015
blogs_talos·2015-08-11·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - August 2015
## Microsoft Patch Tuesday - August 2015
Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins released which address 58 CVEs. Four bulletins are rated "Critical" this month and address vulnerabilities in Internet Explorer, Graphics Component, Office, and Edge. The other ten bulletins are rated "Important" and address vulnerabilities within Remote Desktop Protocol (RDP), Server Message Block (SMB), XML Core Services, Mount Manager, System Center Operations Manager, UDDI Services, Command Line, WebDAV, Windows, and the .NET Framework.
## Bulletins Rated Critical MS15-079, MS15-080, MS15-081, and MS15-091 are rated "Critical".
MS15-079 is this month's Internet Exp
Zscaler
Zscaler detects IE & MS Office Vulnerabilities | 08-11-2015
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler detects IE & MS Office Vulnerabilities | 08-11-2015
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securitytracker.com/id/1033239https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081https://www.exploit-db.com/exploits/37924/http://www.securitytracker.com/id/1033239https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081https://www.exploit-db.com/exploits/37924/
2015-08-15
Published