⚠ Actively exploited

Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2015-2545 — Improper Input Validation in Microsoft Office

CWE-20 — Improper Input Validation27 documents10 sources

Severity

7.8HIGHNVD

EPSS

93.4%

top 0.18%

CISA KEV

KEV

Added 2022-03-03

Due 2022-03-24

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Office

Timeline

PublishedSep 9

KEV addedMar 3

KEV dueMar 24

Latest updateFeb 12

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/office4 versions+3

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qgf7-rc56-jhwp: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microso↗2022-05-14

▶

VulnCheck

Microsoft Office Malformed EPS File Vulnerability↗2015

▶

📋Vendor Advisories

CISA

Microsoft Office Malformed EPS File Vulnerability↗2022-03-03

▶

🕵️Threat Intelligence

Fortinet

Debugging PostScript with Ghostscript↗2018-07-26

▶

Unit42

Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent↗2018-03-07

▶

Unit42

Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent↗2018-03-07

▶

Fortinet

Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers↗2017-09-20

▶

Securelist

Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016↗2016-12-14

▶

📄Research Papers

arXiv

Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures↗2025-02-12

▶

💬Community

Bugzilla

CVE-2015-8478 v8: multiple vulnerabilities fixed in 4.7.80.23↗2015-12-08

▶

Bugzilla

CVE-2015-6767 chromium-browser: Use-after-free in AppCache↗2015-12-02

▶

Bugzilla

CVE-2015-6769 chromium-browser: Cross-origin bypass in core↗2015-12-02

▶

Bugzilla

CVE-2015-6770 chromium-browser: Cross-origin bypass in DOM↗2015-12-02

▶

Bugzilla

CVE-2015-6765 chromium-browser: Use-after-free in AppCache↗2015-12-02

▶