Cyber Resilience

CVE-2015-1642

High | CISA KEV | Active Exploitation | EUVD Exploited

Published: 15 August 2015

Modified: 22 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.7288 (98.8th percentile)
Risk Priority: 79 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-1642 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 contain a memory corruption vulnerability tracked as CVE-2015-1642 and classified as CWE-787. The flaw is triggered when the applications process a specially crafted document, resulting in an out-of-bounds write that can corrupt memory structures used by the Office components.

An attacker can deliver the malicious document through typical remote vectors such as email or web downloads. Successful exploitation requires the victim to open the file, after which arbitrary code can be executed in the context of the current user, with high impact on the confidentiality, integrity, and availability of the affected system. The CVSS 7.8 score reflects the local attack vector (AV:L), the absence of required privileges (PR:N), the need for user interaction (UI:R), and the high impact of code execution.

Microsoft security bulletin MS15-081 addresses the issue by providing updates that correct the memory handling logic in the affected Office versions. Organizations are advised to apply the patches promptly, as the bulletin classifies the vulnerability as critical and includes guidance on deployment via Windows Update or Microsoft Update services.

Vulnerability details

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE(s): CWE-787
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft office: 2007, 2010, 2013

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires applying the MS15-081 patch that corrects the out-of-bounds write in Office's memory handling logic for CVE-2015-1642.

prevent, detect

Malicious-code protection mechanisms can inspect and block specially crafted Office documents delivered via email or web before they trigger the memory corruption.

prevent

Memory-protection features (e.g., ASLR, DEP) raise the difficulty of converting the CWE-787 out-of-bounds write into successful arbitrary code execution.
