Cyber Resilience

CVE-2015-2545

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 09 September 2015

Modified: 22 April 2026
KEV Added: 03 March 2022
Patch:
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9323 (99.8th percentile)
Risk Priority: 92 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-2545 is a high-severity vulnerability in Microsoft Office whose weakness type is unspecified (no CWE is assigned). Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 contain a vulnerability that permits remote attackers to execute arbitrary code through a malformed EPS image file. The flaw is tracked as CVE-2015-2545 and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector (CVSS rates a file-based attack as local even though the attacker delivers the file remotely), low attack complexity, no required privileges, and required user interaction.

An attacker can deliver the crafted EPS image via email, a malicious document, or another file-sharing mechanism; once the recipient opens the file in an affected Office application, the vulnerability allows arbitrary code execution with the privileges of the current user. Public exploit material demonstrates successful bypass of EMET protections in addition to code execution.

Microsoft security bulletin MS15-099 addresses the issue and supplies patches for the listed Office versions. The bulletin constitutes the primary source of official remediation guidance.

Exploits targeting this vulnerability have been publicly discussed, including techniques that evade existing exploit-mitigation tools such as EMET.

EU & UK References

Vulnerability details

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: microsoft
Product: office
Versions: 2007, 2010, 2013, 2016

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly requires applying the MS15-099 patches that eliminate the EPS parsing flaw before any crafted image can be processed.

SI-3 Malicious Code Protection (prevent, detect): Malicious-code protection mechanisms can inspect incoming Office documents and block or alert on known exploit patterns that deliver the malformed EPS payload.

AC-6 Least Privilege (prevent): Least-privilege execution ensures that even successful code execution via the EPS flaw is confined to the privileges of the logged-on user rather than elevated rights.
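As an added defensive example (not code from this page, Microsoft, or the advisory), the following Python sweep implements the document-inspection control above: it opens an OOXML document (.docx/.xlsx/.pptx are ZIP containers) and flags any embedded part that is EPS by file extension or by header bytes, since Office stores embedded images under neutral names such as word/media/image1.bin. The sample document is constructed inline; the check identifies documents that would invoke the EPS filter, not whether the EPS itself is malformed.

```python
import io
import zipfile

# EPS signatures: ASCII PostScript header and the DOS/Windows binary EPS header.
EPS_MAGIC = (b"%!PS-Adobe", b"\xc5\xd0\xd3\xc6")


def find_embedded_eps(doc_bytes: bytes) -> list[tuple[str, str]]:
    """Return (part name, reason) for every part of an OOXML ZIP that looks like EPS.

    Matching on header bytes catches EPS content stored under a neutral name,
    which an extension-only check would miss.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as part:
                head = part.read(16)
            reasons = []
            if info.filename.lower().endswith(".eps"):
                reasons.append("extension")
            if head.startswith(EPS_MAGIC):
                reasons.append("magic")
            if reasons:
                hits.append((info.filename, "+".join(reasons)))
    return hits


def build_sample_docx(embed_eps: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP for testing (constructed sample, not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        if embed_eps:
            # Benign, well-formed EPS header stored under a neutral name; only the signature matters.
            zf.writestr("word/media/image2.bin",
                        b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print("embed_eps =", flag, "->", find_embedded_eps(build_sample_docx(flag)))
```

Legacy binary formats (.doc/.xls/.ppt) are OLE compound files, not ZIPs, and need a separate parser.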

References