CVE-2015-2545
published 2015-09-09CVE-2015-2545: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office…
PriorityP183high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-03-24
Exploited in the wild
EPSS
86.05%
99.7th percentile
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →BADNEWS C2 beacon contains victim info string with format: uuid=[ID]#un=[Username]#cn=[Hostname]#on=[OS Version]#lan=[IP Address]#nop=#ver=1.0 — hunt for HTTP POST bodies matching this pattern ↗
- →BADNEWS persistence: detect creation of a scheduled task named 'BaiduUpdateTask1' that runs every minute, created by vmtools.dll ↗
- →BADNEWS drops files to %PROGRAMDATA%\Microsoft\DeviceSync\ — monitor for creation of VMwareCplLauncher.exe, vmtools.dll, and MSBuild.exe in that path ↗
- →BADNEWS C2 URI pattern: hardcoded paths with double-slash or backslash separators and a 32-char hex directory segment — detect HTTP requests matching '//[a-f0-9]{32}//[A-Za-z0-9]+//*.php' ↗
- →SPIVY (Poison Ivy variant) network handshake: first byte indicates 1–16 bytes of pseudo-random padding prepended before the 256-byte challenge-response; first byte × 2 = second control byte — detect non-standard Poison Ivy handshake sizes (e.g., 267 bytes total) ↗
- →SPIVY shellcode decoding: single-byte addition of 0x99, XOR with 0xD4, then subtract 0x33 — use this sequence to identify or decode SPIVY shellcode blobs ↗
- →CVE-2015-2545 EPS exploit: detect WINWORD.EXE spawning unexpected child processes or dropping EXE/DLL files, as the exploit executes shellcode embedded in a crafted EPS image within a DOCX ↗
- →CVE-2015-2545 EPS exploit bypasses ASLR and DEP — standard memory-protection bypass detections should be tuned for PostScript/EPS processing in Office applications ↗
- ·BADNEWS dead drop resolver URLs are hardcoded per sample and change across variants; the specific URL observed (feeds.rapidfeeds[.]com/88604/) may be sinkholed or inactive ↗
- ·BADNEWS C2 IP (185.203.118.115) is derived after four decryption steps from the dead drop resolver; the actual C2 may rotate and requires decryption of the dead drop content to obtain ↗
- ·SPIVY C2 domains (leeh0m[.]org third-levels) were created in late February 2016 and may no longer be active; verify current resolution before blocking ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image input validation (MS15-099 / EDB-38214)
vuldb·2026-04-22·CVSS 7.8
CVE-2015-2545 [HIGH] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image input validation (MS15-099 / EDB-38214)
A vulnerability, which was classified as critical, has been found in Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1. The impacted element is an unknown function of the component EPS Image Handler. The manipulation leads to improper input validation.
This vulnerability is referenced as CVE-2015-2545. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
Applying a patch is the recommended action to fix this issue.
GHSA
GHSA-qgf7-rc56-jhwp: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microso
ghsa_unreviewed·2022-05-14
CVE-2015-2545 [HIGH] CWE-20 GHSA-qgf7-rc56-jhwp: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microso
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
VulnCheck
Microsoft Office Malformed EPS File Vulnerability
vulncheck·2015·CVSS 7.8
CVE-2015-2545 [HIGH] CWE-20 Microsoft Office Malformed EPS File Vulnerability
Microsoft Office Malformed EPS File Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
Affected: Microsoft Office
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html; http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf; https://unit42.paloaltonetworks.com/operation-ke3chang-resurfaces-with-new-tidepool-malware/; https://securelist.com/cve-2015-2545-overview-of-current-threats/74828/; https://www.proofpoi
CISA
Microsoft Office Malformed EPS File Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2015-2545 [HIGH] CWE-20 Microsoft Office Malformed EPS File Vulnerability
Vulnerability: Microsoft Office Malformed EPS File Vulnerability
Affected: Microsoft Office
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2545
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
Fortinet
Debugging PostScript with Ghostscript
blogs_fortinet·2018-07-26·CVSS 7.8
[HIGH] Debugging PostScript with Ghostscript
FORTIGUARD LABS THREAT RESEARCH
Debugging PostScript with Ghostscript
By Wayne Chin Yick Low | July 26, 2018
Iwas recently approached by one of my friends in the threat research field about shellcode extraction from PostScript. If you are not aware, PostScript, which is developed by Adobe Systems, is a simple interpretive programming language with powerful graphics capabilities that has been integrated into most of today’s modern printers. Over the last couple of years, the software has been targeted by attackers to carry out a number notorious attacks, including a campaign discovered by FortiGuard Labs last year that exploited the CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability. Attackers who exploit vulnerabilities found in PostScript often make analysts’ lives harder by obfu
Unit42
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
blogs_unit42·2018-03-07
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
Threat Research Center
Threat Research
Malware
## Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
Brandon Levene
Josh Grunzweig
Brittany Barbehenn
Published: March 7, 2018
Malware
Threat Research
BADNEWS
Dropping Elephant
India
Monsoon
Pakistan
Patchwork
Summary
In the past few months, Unit 42 has observed the Patchwork group, alternatively known as Dropping Elephant and Monsoon , conducting campaigns against targets located in the Indian subcontinent. Patchwork threat actors utilized a pair of EPS exploits rolled into legitimate, albeit malicious, documents in order to propagate their updated BADNEWS payload. The use of weaponized legitimate documents is a longstanding operational standard of this group.
The malicious documents seen in recent activity r
Unit42
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
blogs_unit42·2018-03-07·CVSS 7.8
[HIGH] Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
Summary
In the past few months, Unit 42 has observed the Patchwork group, alternatively known as Dropping Elephant and Monsoon, conducting campaigns against targets located in the Indian subcontinent. Patchwork threat actors utilized a pair of EPS exploits rolled into legitimate, albeit malicious, documents in order to propagate their updated BADNEWS payload. The use of weaponized legitimate documents is a longstanding operational standard of this group.
The malicious documents seen in recent activity refer to a number of topics, including recent military promotions within the Pakistan Army, information related to the Pakistan Atomic Energy Commission, as well as Pakistan’s Ministry of the Interior.
The BADNEWS malware payload, which these malicious documents ultimately deliver, has bee
Fortinet
Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers
blogs_fortinet·2017-09-20·CVSS 7.8
[HIGH] Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers
FORTIGUARD LABS THREAT RESEARCH
Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers
By Joie Salvio and Jasper Manuel | September 20, 2017
Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it’s a Hangul Word Processor (HWP) document leveraging the already known CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability.
HWP is a popular alternative to Microsoft Office in South Korea, especially within government agencies. So it is not uncommon for attackers to use this attack vector for spear phishing
Securelist
Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
blogs_securelist·2016-12-14
Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
Table of Contents
- Introduction
- Six things we learned this year that we didn’t know before
- Other top threats
- The impact on business
Authors
- Kaspersky
## Executive Summary
Download Review of the year
Download Overall statistics
Download the consolidated Kaspersky Security Bulletin 2016
1. Kaspersky Security Bulletin. Predictions for 2017
2. Kaspersky Security Bulletin 2016. The ransomware revolution
## Introduction
If they were asked to sum up 2016 in a single word, many people around the world – particularly those in Europe and the US – might choose the word ‘unpredictable’. On the face of it, the same could apply to cyberthreats in 2016: the massive botnets of connected devices that paralysed much of the Internet in October; the relentless hacking of high profile websit
Securelist
Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
blogs_securelist·2016-12-14
Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
Table of Contents
Introduction
Six things we learned this year that we didn’t know before
1. That the underground economy is more sophisticated and bigger than ever: xDedic – the shady marketplace
2. That the biggest financial heist did not involve a stock exchange: the SWIFT-enabled transfers
3. That critical infrastructure is worryingly vulnerable: the BlackEnergy attacks
4. That a targeted attack can have no pattern: the ProjectSauron APT
5. That the online release of vast volumes of data can be an influential tactic: ShadowBrokers and other data dumps
6. That a camera could be part of a global cyber-army: the insecure Internet of Things
Other top threats
Inventive APTs
New zero-days
The hunt for financial gain
The ultimate vulnerability: people
Mobile advertising
The imp
Securelist
IT threat evolution in Q2 2016. Overview
blogs_securelist·2016-08-11
IT threat evolution in Q2 2016. Overview
Table of Contents
- Targeted attacks and malware campaigns
- Malware stories
- Data breaches
Authors
- David Emm
- Roman Unuchek
Download the full report (PDF)
## Targeted attacks and malware campaigns
### Cha-ching! Skimming off the cream
Earlier in the year, as part of an incident response investigation, we uncovered a new version of the Skimer ATM malware. The malware, which first surfaced in 2009, has been re-designed. So too have the tactics of the cybercriminals using it. The new ATM infector has been targeting ATMs around the world, including the UAE, France, the United States, Russia, Macau, China, the Philippines, Spain, Germany, Georgia, Poland, Brazil and the Czech Republic.
Rather than the well-established method of fitting a fake card-reader to the ATM, the attackers
Unit42
Operation Ke3chang Resurfaces With New TidePool Malware
blogs_unit42·2016-05-22·CVSS 7.8
[HIGH] Operation Ke3chang Resurfaces With New TidePool Malware
### Introduction
Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool. It has strong behavioral ties to Ke3chang and is being used in an ongoing attack campaign against Indian embassy personnel worldwide. This targeting is also consistent with previous attacker TTPs; Ke3chang historically targeted the Ministry of Affairs, and also conducted several prior campaigns against India.
Though we don’t have comprehensive targeting information, the spear phishing emails we found targeted several Indian embassies in different countries. One decoy refer
Unit42
Operation Ke3chang Resurfaces With New TidePool Malware
blogs_unit42·2016-05-22·CVSS 7.8
CVE-2015-2545 [HIGH] Operation Ke3chang Resurfaces With New TidePool Malware
Threat Research Center
Threat Research
Malware
## Operation Ke3chang Resurfaces With New TidePool Malware
Micah Yates
Mike Scott
Brandon Levene
Jen Miller-Osborn
Tom Keigher
Published: May 22, 2016
Malware
Threat Research
BS2005
CVE-2015-2545
Ke3chang
Operation Ke3chang
TidePool
## Introduction
Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool. It has strong behavioral ties to Ke3chang and is being used in an ongoing attack campaign against Indian embassy personnel worldwide. This targeting is also consistent with previ
Unit42
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
blogs_unit42·2016-04-22·CVSS 7.8
[HIGH] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
Malware writers have always sought to develop feature-rich, easy to use tools that are also somewhat hard to detect via both host- and network-based detection systems. For many years, one of the go-to families of malware used by both less-skilled and advanced actors has been the Poison Ivy (aka PIVY) RAT. Poison Ivy has a convenient graphical user interface (GUI) for managing compromised hosts and provides easy access to a rich suite of post-compromise tools. It is no surprise it’s now being used against pro-democracy organizations and supporters in Hong Kong that have long been a target of advanced attack campaigns.
Despite its simplicity and prevalence, detection rates for both AV and IDS systems has always been surprisingly low for Poison Ivy. Possibly for these reasons, since the mid-
Unit42
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
blogs_unit42·2016-04-22
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
Threat Research Center
Threat Research
Malware
## New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
Micah Yates
Mike Scott
Brandon Levene
Jen Miller-Osborn
Published: April 21, 2016
Malware
Threat Research
DLL
PIVY
Poison Ivy
SPIVY
Malware writers have always sought to develop feature-rich, easy to use tools that are also somewhat hard to detect via both host- and network-based detection systems. For many years, one of the go-to families of malware used by both less-skilled and advanced actors has been the Poison Ivy (aka PIVY) RAT. Poison Ivy has a convenient graphical user interface (GUI) for managing compromised hosts and provides easy access to a rich suite of post-compromise tools. It is no surprise it’s now being used against pro-democracy organiza
Crowdstrike
Arrests Put New Focus on CARBON SPIDER Adversary Group
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Arrests Put New Focus on CARBON SPIDER Adversary Group
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
arxiv_fulltext·2025-02-12
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
Almuthanna Alageel
and
Sergio Maffeis
Department of Computing
Imperial College London
London, United Kingdom
plain
plain
## Abstract
The scarcity of data and the high complexity of Advanced Persistent Threats (APTs) attacks have created challenges in comprehending their behavior and hindered the exploration of effective detection techniques.
To create an effective APT detection strategy, it is important to examine the Tactics, Techniques, and Procedures (TTPs) that have been reported by the industry. These TTPs can be difficult to classify as either malicious or legitimate. When developing an approach for the next generation of network intrusion detection systems (NIDS), it is necessary to
Bugzilla
CVE-2015-8478 v8: multiple vulnerabilities fixed in 4.7.80.23
bugzilla·2015-12-08·CVSS 7.5
CVE-2015-8478 [HIGH] CVE-2015-8478 v8: multiple vulnerabilities fixed in 4.7.80.23
CVE-2015-8478 v8: multiple vulnerabilities fixed in 4.7.80.23
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
---
New CVE was added to cover additional V8 fixes:
Name: CVE-2015-8548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8548
Assigned: 20151213
Reference: http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_
Bugzilla
CVE-2015-6767 chromium-browser: Use-after-free in AppCache
bugzilla·2015-12-02·CVSS 7.5
CVE-2015-6767 [HIGH] CVE-2015-6767 chromium-browser: Use-after-free in AppCache
CVE-2015-6767 chromium-browser: Use-after-free in AppCache
An unspecified Use-after-free flaw was found in the AppCache component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6769 chromium-browser: Cross-origin bypass in core
bugzilla·2015-12-02·CVSS 7.5
CVE-2015-6769 [HIGH] CVE-2015-6769 chromium-browser: Cross-origin bypass in core
CVE-2015-6769 chromium-browser: Cross-origin bypass in core
An unspecified Cross-origin bypass flaw was found in the core component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6770 chromium-browser: Cross-origin bypass in DOM
bugzilla·2015-12-02·CVSS 7.5
CVE-2015-6770 [HIGH] CVE-2015-6770 chromium-browser: Cross-origin bypass in DOM
CVE-2015-6770 chromium-browser: Cross-origin bypass in DOM
An unspecified Cross-origin bypass flaw was found in the DOM component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6765 chromium-browser: Use-after-free in AppCache
bugzilla·2015-12-02·CVSS 10.0
CVE-2015-6765 [CRITICAL] CVE-2015-6765 chromium-browser: Use-after-free in AppCache
CVE-2015-6765 chromium-browser: Use-after-free in AppCache
A Use-after-free was found in AppCache component of Chromium browser.
Upstream bug:
https://code.google.com/p/chromium/issues/detail?id=558589
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6781 chromium-browser: Integer overflow in Sfntly
bugzilla·2015-12-02·CVSS 7.5
CVE-2015-6781 [HIGH] CVE-2015-6781 chromium-browser: Integer overflow in Sfntly
CVE-2015-6781 chromium-browser: Integer overflow in Sfntly
An unspecified Integer overflow flaw was found in the Sfntly component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6780 chromium-browser: Use-after-free in Infobars
bugzilla·2015-12-02·CVSS 6.8
CVE-2015-6780 [MEDIUM] CVE-2015-6780 chromium-browser: Use-after-free in Infobars
CVE-2015-6780 chromium-browser: Use-after-free in Infobars
An unspecified Use-after-free flaw was found in the Infobars component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6786 chromium-browser: Scheme bypass in CSP
bugzilla·2015-12-02·CVSS 4.3
CVE-2015-6786 [MEDIUM] CVE-2015-6786 chromium-browser: Scheme bypass in CSP
CVE-2015-6786 chromium-browser: Scheme bypass in CSP
An unspecified Scheme bypass flaw was found in the CSP component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6778 chromium-browser: Out of bounds access in PDFium
bugzilla·2015-12-02·CVSS 7.5
CVE-2015-6778 [HIGH] CVE-2015-6778 chromium-browser: Out of bounds access in PDFium
CVE-2015-6778 chromium-browser: Out of bounds access in PDFium
An unspecified Out of bounds access flaw was found in the PDFium component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
Bugzilla
CVE-2015-6782 chromium-browser: Content spoofing in Omnibox
bugzilla·2015-12-02·CVSS 4.3
CVE-2015-6782 [MEDIUM] CVE-2015-6782 chromium-browser: Content spoofing in Omnibox
CVE-2015-6782 chromium-browser: Content spoofing in Omnibox
An unspecified Content spoofing flaw was found in the Omnibox component of the Chromium browser.
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2545 https://rhn.redhat.com/errata/RHSA-2015-2545.html
http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545http://www.securitytracker.com/id/1033488https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545http://www.securitytracker.com/id/1033488https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2545
2015-09-09
Published
2022-03-03
Added to CISA KEV
Exploited in the wild