cbcvebase.
CVE-2015-6172
published 2015-12-09

CVE-2015-6172: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers…

Priority: P262 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 53.66% (98.9th percentile)
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."

Affected

4 ranges
Vendor     Product   Version range   Fixed in
microsoft  office
microsoft  word
microsoft  word
microsoft  word

Detection & IOCs (extracted from sources)

  • CVE-2015-6172 is triggered by a maliciously crafted/formatted email message processed by Outlook — monitor for anomalous Word document rendering initiated from Outlook process context
  • Attack vector is a crafted email message processed by Outlook — inspect incoming email attachments processed by affected Word versions (Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1) for exploitation attempts