CVE-2015-2424 - OpenCVE

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Word Powerpoint

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:word:2007:sp3::::::
	cpe:2.3:a:microsoft:word:2010:sp2:::::x64:*
	cpe:2.3:a:microsoft:word:2010:sp2::::x86::*
	cpe:2.3:a:microsoft:word:2013:sp1::::::

Configuration 2 [-]

OR	cpe:2.3:a:microsoft:powerpoint:2007:sp3::::::
	cpe:2.3:a:microsoft:powerpoint:2010:sp2::::::
	cpe:2.3:a:microsoft:powerpoint:2013:sp1::::::
	cpe:2.3:a:microsoft:powerpoint:2013:sp1:::rt:::*

References

Link	Resource
http://www.securitytracker.com/id/1032899
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2015-07-14T21:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2015-03-19T00:00:00

Link: CVE-2015-2424

JSON object: View

NVD Information

Status : Modified

Published: 2015-07-14T21:59:35.987

Modified: 2018-10-12T22:09:28.497

Link: CVE-2015-2424

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1032899", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032899"}, {"name": "MS15-070", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2015-2424", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032899", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032899"}, {"name": "MS15-070", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2015-2424", "datePublished": "2015-07-14T21:00:00", "dateReserved": "2015-03-19T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft PowerPoint Memory Corruption Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:x64:*", "matchCriteriaId": "00A48B3D-7639-4F74-83CB-79D951458C0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:x86:*:*", "matchCriteriaId": "8A4BC977-9CE3-4E6A-BEBB-0FFBDD975722", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*", "matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1 y PowerPoint 2013 RT SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios mediante un documento Office manipulado, tambi\u00e9n conocida como 'Vulnerabilidad de corrupci\u00f3n de Memoria en Microsoft Office'."}], "id": "CVE-2015-2424", "lastModified": "2018-10-12T22:09:28.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-14T21:59:35.987", "references": [{"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1032899"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}