<< Back
CVE Number Vulnerability Product Severity Date
MS15-022 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999) Microsoft Office Critical 11-03-2015

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

Detailed Information on the risk:

Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.


Further information on this exploit is available at : MS15-022

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Word Viewer
Microsoft Excel Viewer

Affected Software

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Word Viewer
Microsoft Excel Viewer