CVE-2015-1641
Published: 14 April 2015
Summary
CVE-2015-1641 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Word. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability CVE-2015-1641 is an out-of-bounds write memory corruption flaw (CWE-787) affecting Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1. It is triggered when these components parse a specially crafted RTF document.
An attacker can exploit the issue by supplying a malicious RTF file that, when opened by a user in an affected application, results in arbitrary code execution. The CVSS 7.8 vector indicates the attack requires local access and user interaction but grants full confidentiality, integrity, and availability impact under the current user's privileges.
Microsoft security bulletin MS15-033 provides official patches and mitigation guidance for the listed products. No additional details on observed exploitation campaigns are present in the supplied references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-1771
Vulnerability details
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps…
more
Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patches (MS15-033) that eliminate the RTF parsing flaw before exploitation can occur.
Enforces memory-protection mechanisms that can block or contain the out-of-bounds write (CWE-787) used to achieve arbitrary code execution.
Deploys malicious-code detection (e.g., AV/EDR signatures or heuristics) that can identify and block the crafted RTF document before the vulnerable parser processes it.