CVE-2015-2545

CVSS 7.8 HIGHEPSS 86.1%● KEV

In short

Microsoft Office versions 2007 through 2013 can be exploited through specially crafted EPS image files, allowing attackers to run malicious code on your computer without your knowledge. This happens when you open a document containing a malicious image.

Technical detail

A remote code execution vulnerability in Microsoft Office (2007 SP3 through 2013 RT SP1) via malformed EPS (Encapsulated PostScript) image parsing. The attack vector is document-based; an attacker can craft a malicious EPS file embedded in an Office document, which executes arbitrary code in the context of the Office application when processed, bypassing existing security controls.

Summary generated and translated by AI from the official description.

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2545 http://www.securitytracker.com/id/1033488