What is CVE-2015-2557?

CVE-2015-2557 is a vulnerability in Microsoft Visio, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-10-14.

Is CVE-2015-2557 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Microsoft Visio

CVE-2015-2557

Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Vulnerability class: Buffer Overflow

EPSS: 0.346 (97.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Visio — versions 2007, 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

MS15-110 (x_refsource_MS, vendor-advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
1033803 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-2557?: CVE-2015-2557 is a vulnerability in Microsoft Visio, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-10-14.
Is CVE-2015-2557 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.