CVE-2015-1642
Published: 15 August 2015
Summary
CVE-2015-1642 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 contain a memory corruption vulnerability tracked as CVE-2015-1642 and CWE-787. The flaw is triggered when the applications process a specially crafted document, resulting in an out-of-bounds write that can corrupt memory structures used by the Office components.
An attacker can deliver the malicious document through typical remote vectors such as email or web downloads. Successful exploitation requires the victim to open the file, after which arbitrary code can be executed in the context of the current user, granting full control over confidentiality, integrity, and availability on the affected system. The CVSS 7.8 score reflects the local attack vector combined with the absence of privileges needed and the high impact of code execution.
Microsoft security bulletin MS15-081 addresses the issue by providing updates that correct the memory handling logic in the affected Office versions. Organizations are advised to apply the patches promptly, as the bulletin classifies the vulnerability as critical and includes guidance on deployment via Windows Update or Microsoft Update services.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-1772
Vulnerability details
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
- CWE(s)
- KEV Date Added
- 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the MS15-081 patch that corrects the out-of-bounds write in Office's memory handling logic for CVE-2015-1642.
Malicious-code protection mechanisms can inspect and block specially crafted Office documents delivered via email or web before they trigger the memory corruption.
Memory-protection features (e.g., ASLR, DEP) raise the difficulty of converting the CWE-787 out-of-bounds write into successful arbitrary code execution.