CVE-2015-6124
published 2015-12-09CVE-2015-6124: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute…
PriorityP353critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
13.71%
96.0th percentile
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | word | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Qualys
Patch Tuesday December 2015 | Qualys
blogs_qualys·2015-12-08
Patch Tuesday December 2015 | Qualys
There we are: the last Patch Tuesday of 2015. It turns out to be about average, with maybe a bit more severity in the bulletins than usually. We have eight critical bulletins in the total 12, including one that fixes a 0-day vulnerability, currently in use by attackers to escalate privileges in Windows. 0-days used to be very rare occasions, but this year they have become almost mainstream. After all the year started off with a string of 0-days in Adobe Flash and since then we have seen almost every month a patch for a vulnerability that is already under attack. Definitely a sign of the increasing technical capabilities that attackers are wielding and a reminder that IT Managers should not only patch their systems promptly, but also look for additional robustness. Your list of things to lo
Qualys
Patch Tuesday December 2015 | Qualys
blogs_qualys·2015-12-08
Patch Tuesday December 2015 | Qualys
There we are: the last Patch Tuesday of 2015. It turns out to be about average, with maybe a bit more severity in the bulletins than usually. We have eight critical bulletins in the total 12, including one that fixes a 0-day vulnerability, currently in use by attackers to escalate privileges in Windows. 0-days used to be very rare occasions, but this year they have become almost mainstream. After all the year started off with a string of 0-days in Adobe Flash and since then we have seen almost every month a patch for a vulnerability that is already under attack. Definitely a sign of the increasing technical capabilities that attackers are wielding and a reminder that IT Managers should not only patch their systems promptly, but also look for additional robustness. Your list of things to lo
2015-12-09
Published