What is CVE-2015-6172?

CVE-2015-6172 is a vulnerability in Microsoft Office, classified under Improper Input Validation. Published 2015-12-09.

Is CVE-2015-6172 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Microsoft Office

CVE-2015-6172

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.545 (98.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2010
Microsoft Office_compatibility_pack
Microsoft Word — versions 2007, 2010, 2013
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

MS15-131 (x_refsource_MS, vendor-advisory)
1034325 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-6172?: CVE-2015-6172 is a vulnerability in Microsoft Office, classified under Improper Input Validation. Published 2015-12-09.
Is CVE-2015-6172 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.