CVE-2015-2424
Published: 14 July 2015
Summary
CVE-2015-2424 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Office. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 1.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2015-2424 is a memory corruption vulnerability, tracked under CWE-787, that affects Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1. The flaw permits remote attackers to trigger out-of-bounds writes through a specially crafted Office document, resulting in arbitrary code execution or denial of service.
An attacker can deliver the malicious document over the network and achieve code execution or service disruption once the victim opens it in an affected application. The CVSS 3.1 vector indicates the attack requires no privileges but does rely on user interaction to render the document.
Microsoft addressed the issue in security bulletin MS15-070, which provides patches for the listed Office versions. SecurityTracker entries reference the same update and associated exploit details.
The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog, confirming observed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-2517
Vulnerability details
Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
- CWE(s): CWE-787
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Flaw remediation (SI-2) directly requires applying the MS15-070 patches that remediate the out-of-bounds write flaw in the listed Office versions.
Malicious code protection (SI-3) mechanisms can inspect incoming Office documents and block those crafted to trigger the memory corruption.
Integrity verification of Office binaries or incoming documents can detect unauthorized modifications that exploit CVE-2015-2424.