CVE-2015-1641

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 14, 2015
Updated: Jul 24, 2024
CWE ID 787

Summary

CVE-2015-1641 is a critical vulnerability affecting multiple Microsoft Office products, including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1. This issue allows remote attackers to execute arbitrary code by exploiting a memory corruption vulnerability in the way these applications handle specially crafted RTF documents. Successful exploitation could result in the attacker gaining control of the affected system. Users are advised to install the available patches to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Office Word
  • Microsoft SharePoint Server
  • Microsoft Office Web Apps
  • Microsoft Office
  • Microsoft Office Compatibility Pack

Affected Vendors

  • Microsoft