Vulnerability Name: | CVE-2015-0064 (CCN-100441) | ||||||||
Assigned: | 2014-11-18 | ||||||||
Published: | 2015-02-10 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability." | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-399 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2015-0064 Source: SECUNIA Type: UNKNOWN 62808 Source: CCN Type: Microsoft Security Bulletin MS15-012 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3032328) Source: BID Type: UNKNOWN 72463 Source: CCN Type: BID-72463 Microsoft Word CVE-2015-0064 Memory Corruption Vulnerability Source: SECTRACK Type: UNKNOWN 1031720 Source: MS Type: UNKNOWN MS15-012 Source: XF Type: UNKNOWN ms-word-cve20150064-code-exec(100441) Source: CCN Type: Packet Storm Security [08-25-2015] Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow Source: EXPLOIT-DB Type: UNKNOWN 37967 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration 6: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |