What is CVE-2015-2470?

CVE-2015-2470 is a vulnerability in Microsoft Office, classified under CWE-189. Published 2015-08-15.

Is CVE-2015-2470 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office

CVE-2015-2470

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Inte…

EPSS: 0.668 (98.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2010, 2011, 2013
Microsoft Word — versions 2007
Microsoft Word_viewer
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

Parist0nH1ll/Vulnerabilities-Write-Ups

References

37924 (exploit, x_refsource_EXPLOIT-DB)
MS15-081 (x_refsource_MS, vendor-advisory)
1033239 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-2470?: CVE-2015-2470 is a vulnerability in Microsoft Office, classified under CWE-189. Published 2015-08-15.
Is CVE-2015-2470 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.