CVE-2015-0064
Summary
| CVE | CVE-2015-0064 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-02-11 03:01:00 UTC |
| Updated | 2018-10-12 22:08:00 UTC |
| Description | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability." |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office | 2010 | sp2 | x64 | All |
| Application | Microsoft | Office | 2010 | sp2 | x86 | All |
| Application | Microsoft | Office | 2010 | sp2 | x64 | All |
| Application | Microsoft | Office | 2010 | sp2 | x86 | All |
| Application | Microsoft | Office Compatibility Pack | All | sp3 | All | All |
| Application | Microsoft | Office Compatibility Pack | All | sp3 | All | All |
| Application | Microsoft | Sharepoint Server | 2010 | All | All | All |
| Application | Microsoft | Sharepoint Server | 2010 | All | All | All |
| Application | Microsoft | Web Applications | 2010 | sp2 | All | All |
| Application | Microsoft | Web Applications | 2010 | sp2 | All | All |
| Application | Microsoft | Word | 2007 | sp3 | All | All |
| Application | Microsoft | Word | 2010 | sp2 | All | All |
| Application | Microsoft | Word | 2007 | sp3 | All | All |
| Application | Microsoft | Word | 2010 | sp2 | All | All |
| Application | Microsoft | Word Automation Services | - | All | All | All |
| Application | Microsoft | Word Automation Services | - | All | All | All |
| Application | Microsoft | Word Viewer | All | All | All | All |
| Application | Microsoft | Word Viewer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Word CVE-2015-0064 Memory Corruption Vulnerability | BID | www.securityfocus.com | |
| Microsoft Office Object Handling Errors in Excel and Word Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Microsoft Security Bulletin MS15-012 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| Microsoft Office 2007 - Malformed Document Stack Buffer Overflow - Windows dos Exploit | EXPLOIT-DB | www.exploit-db.com | |
| Security Advisory SA62808 - Microsoft Office Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.