CVE-2015-0086
First published: Wed Mar 11 2015(Updated: )
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2010-sp2 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =sp3 | |
| Microsoft Office Web Apps Server 2013 | =2013 | |
| Microsoft Office Web Apps Server 2013 | =2013-sp1 | |
| Microsoft SharePoint Server 2010 | =2010-sp2 | |
| Microsoft SharePoint Server 2010 | =2013 | |
| Microsoft SharePoint Server 2010 | =2013-sp1 | |
| Microsoft Web Applications | =2010-sp2 | |
| Microsoft Office Word | =2007-sp3 | |
| Microsoft Office Word | =2010-sp2 | |
| Microsoft Office Word | =2013 | |
| Microsoft Office Word | =2013-sp1 | |
| Microsoft Office Word Viewer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0086?
CVE-2015-0086 is rated as Critical, indicating it has the potential for severe impact if exploited.
How do I fix CVE-2015-0086?
You can fix CVE-2015-0086 by applying the security updates provided by Microsoft for the affected Office versions.
What systems are affected by CVE-2015-0086?
CVE-2015-0086 affects Microsoft Word 2007 SP3, Word 2010 SP2, Word 2013, Office Compatibility Pack SP3, and several SharePoint and Web Applications versions.
What type of vulnerability is CVE-2015-0086?
CVE-2015-0086 is a remote code execution vulnerability that could allow an attacker to execute arbitrary code on a user's system.
What are the implications of CVE-2015-0086?
Exploitation of CVE-2015-0086 could lead to unauthorized access and control over the affected system, potentially compromising sensitive data.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2010-sp2
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/sp3
- canonical/microsoft office web apps server 2013
- version/microsoft office web apps server 2013/2013
- version/microsoft office web apps server 2013/2013-sp1
- canonical/microsoft sharepoint server 2010
- version/microsoft sharepoint server 2010/2010-sp2
- version/microsoft sharepoint server 2010/2013
- version/microsoft sharepoint server 2010/2013-sp1
- canonical/microsoft web applications
- version/microsoft web applications/2010-sp2
- canonical/microsoft office word
- version/microsoft office word/2007-sp3
- version/microsoft office word/2010-sp2
- version/microsoft office word/2013
- version/microsoft office word/2013-sp1
- canonical/microsoft office word viewer