PT-2015-5764 · Microsoft · Office For Mac+2

Published

2015-08-11

Updated

2018-10-12

CVE-2015-2469

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2010 SP2 Office for Mac version 2011

Description A remote code execution issue exists in Microsoft Office software due to its failure to properly handle objects in memory. An attacker could exploit this by using a specially crafted file, allowing them to perform actions in the security context of the current user. This requires a user to open the specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office versions 2007 SP3 through 2010 SP2, update to a version that properly handles objects in memory to prevent exploitation. For Office for Mac version 2011, update to a version that properly handles objects in memory to prevent exploitation.

Exploit

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2015-2469

Affected Products

Office

Office Word

Office For Mac

PT-2015-5764 · Microsoft · Office For Mac+2

CVE-2015-2469

Weakness Enumeration

Related Identifiers

Affected Products

References · 7