{"api_version":"1","generated_at":"2026-04-26T09:24:08+00:00","cve":"CVE-2015-2424","urls":{"html":"https://cve.report/CVE-2015-2424","api":"https://cve.report/api/cve/CVE-2015-2424.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-2424","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-2424"},"summary":{"title":"CVE-2015-2424","description":"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2015-07-14 21:59:35","updated_at":"2026-04-22 16:30:45"},"problem_types":["CWE-787","n/a","CWE-787 CWE-787 Out-of-bounds Write"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securitytracker.com/id/1032899","name":"http://www.securitytracker.com/id/1032899","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Microsoft Office Multiple Flaws Let Remote Users Bypass ASLR and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS15-070 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-2424","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2424","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-03-03T00:00:00.000Z","lang":"en","value":"CVE-2015-2424 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_viewer","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2011","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2013","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2013","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"rt","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"powerpoint","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"powerpoint","cpe6":"2010","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"word","cpe6":"2013","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"word_viewer","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2015","cve_id":"2424","cve":"CVE-2015-2424","vendorProject":"Microsoft","product":"PowerPoint","vulnerabilityName":"Microsoft PowerPoint Memory Corruption Vulnerability","dateAdded":"2022-03-03","shortDescription":"Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-03-24","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2015-2424","cwes":"CWE-119","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:34"},"epss":{"cve_year":"2015","cve_id":"2424","cve":"CVE-2015-2424","epss":"0.644800000","percentile":"0.984620000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:23"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T05:17:26.128Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1032899","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1032899"},{"name":"MS15-070","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2015-2424","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-10T19:09:28.931406Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-03-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-21T23:55:59.213Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2424"}],"timeline":[{"lang":"en","time":"2022-03-03T00:00:00.000Z","value":"CVE-2015-2424 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-07-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"1032899","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1032899"},{"name":"MS15-070","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2015-2424","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1032899","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1032899"},{"name":"MS15-070","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2015-2424","datePublished":"2015-07-14T21:00:00.000Z","dateReserved":"2015-03-19T00:00:00.000Z","dateUpdated":"2025-10-21T23:55:59.213Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-07-14 21:59:35","lastModifiedDate":"2026-04-22 16:30:45","problem_types":["CWE-787","n/a","CWE-787 CWE-787 Out-of-bounds Write"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"E4635DA5-27DA-43FF-92AC-A9F80218A2F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"FEECD12A-5BEF-4675-B62E-86CF4A7474D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*","matchCriteriaId":"081DE1E3-4622-4C32-8B9C-9AEC1CD20638"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*","matchCriteriaId":"BCB90D64-B7B2-4301-91E3-A113569371F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*","matchCriteriaId":"552E1557-D6FA-45DD-9B52-E13ACDBB8A62"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*","matchCriteriaId":"71AF058A-2E5D-4B11-88DB-8903C64B13C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"AE2E98C5-71A4-4014-AFC4-5438FEC196D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*","matchCriteriaId":"9CCB2D72-B779-4772-8F72-7177E3F47A92"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"32E1400A-836A-4E48-B2CD-2B0A9A8241BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*","matchCriteriaId":"7AC45CB0-6C84-46D3-B16D-170D46822E54"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"2424","Ordinal":"1","Title":"CVE-2015-2424","CVE":"CVE-2015-2424","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"2424","Ordinal":"1","NoteData":"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"","Type":"Description","Title":"CVE-2015-2424"},{"CveYear":"2015","CveId":"2424","Ordinal":"2","NoteData":"2015-07-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"2424","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}