| Vulnerability Name: | CVE-2015-2557 (CCN-106745) | ||||||||
| Assigned: | 2015-10-13 | ||||||||
| Published: | 2015-10-13 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||||||
| CVSS v3 Severity: | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-2557 Source: CCN Type: Microsoft Security Bulletin MS15-110 Security Updates for Microsoft Office (3096440) Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: SECTRACK Type: Third Party Advisory, VDB Entry 1033803 Source: MISC Type: Third Party Advisory, VDB Entry http://www.zerodayinitiative.com/advisories/ZDI-15-519 Source: MS Type: UNKNOWN MS15-110 Source: XF Type: UNKNOWN ms-office-cve20152557-code-exec(106745) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||