CVE-2015-2424
high
Microsoft
⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
76.5%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: July 14, 2015 (3957 days ago)
Last Modified: April 22, 2026
Vendor: Microsoft
Source: NVD
⚠️ CISA Known Exploited Vulnerability
Added to KEV: 2022-03-03
Remediation Due: 2022-03-24 (⚠ 1513d overdue)
Vulnerability Report
Generated by CyberWatcher
Description
Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CWE
CWE-787Affected Products
microsoft excel viewermicrosoft officemicrosoft office compatibility packmicrosoft powerpointmicrosoft wordmicrosoft word viewer