CVE-2015-2545
Published: 09 September 2015
Summary
CVE-2015-2545 is a high-severity an unspecified weakness vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 contain a vulnerability that permits remote attackers to execute arbitrary code through a malformed EPS image file. The flaw is tracked as CVE-2015-2545 and carries a CVSS 3.1 base score of 7.8, reflecting local attack vector, low attack complexity, no required privileges, and required user interaction.
An attacker can deliver the crafted EPS image via email, a malicious document, or another file-sharing mechanism; once the recipient opens the file in an affected Office application, the vulnerability allows arbitrary code execution with the privileges of the current user. Public exploit material demonstrates successful bypass of EMET protections in addition to code execution.
Microsoft security bulletin MS15-099 addresses the issue and supplies patches for the listed Office versions. The bulletin constitutes the primary source of official remediation guidance.
Exploits targeting this vulnerability have been publicly discussed, including techniques that evade existing exploit-mitigation tools such as EMET.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-2638
Vulnerability details
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
- CWE(s)
- KEV Date Added
- 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the MS15-099 patches that eliminate the EPS parsing flaw before any crafted image can be processed.
Malicious-code protection mechanisms can inspect incoming Office documents and block or alert on known exploit patterns that deliver the malformed EPS payload.
Least-privilege execution ensures that even successful code execution via the EPS flaw is confined to the privileges of the logged-on user rather than elevated rights.