CVE-2015-1770

CVSS 8.8 HIGHEPSS 35.1%● KEVCWE-824

In short

Microsoft Office 2013 and 2013 RT can be tricked into running harmful code when you open a specially crafted document. The problem is that the software doesn't properly initialize memory, leaving it vulnerable to attack.

Technical detail

Remote code execution vulnerability in Microsoft Office 2013 SP1 and 2013 RT SP1 caused by uninitialized memory use (CWE-824). Attack vector is via maliciously crafted Office documents; pre-condition requires user to open the malicious file. Impact allows arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.

Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1770 http://www.securityfocus.com/bid/75016 http://www.securitytracker.com/id/1032523