CVE Vulnerabilities

CVE-2015-1650

Published: Apr 14, 2015 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Component Use After Free Vulnerability.

Affected Software

Name Vendor Start Version End Version
Office Microsoft 2010-sp2 (including) 2010-sp2 (including)
Office_compatibility_pack Microsoft * *
Office_web_apps Microsoft 2010-sp2 (including) 2010-sp2 (including)
Office_web_apps Microsoft 2013-sp1 (including) 2013-sp1 (including)
Sharepoint_server Microsoft 2010-sp2 (including) 2010-sp2 (including)
Sharepoint_server Microsoft 2013-sp1 (including) 2013-sp1 (including)
Word Microsoft 2007-sp3 (including) 2007-sp3 (including)
Word Microsoft 2010-sp2 (including) 2010-sp2 (including)
Word Microsoft 2013-sp1 (including) 2013-sp1 (including)
Word_viewer Microsoft * *

References