1. Home
  2. CVE Database
  3. CVE-2015-0064
HIGH · 9.3

CVE-2015-0064

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote atta...

Vulnerability Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftWeb Applications2010
MicrosoftOffice Compatibility PackAll versions
MicrosoftWord Automation Services-
MicrosoftWord2007
MicrosoftWord ViewerAll versions
MicrosoftOffice2010
MicrosoftSharepoint Server2010

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2015-0064?

CVE-2015-0064 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote atta...

How severe is CVE-2015-0064?

CVE-2015-0064 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0064?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Web Applications, Microsoft Office Compatibility Pack, Microsoft Word Automation Services, Microsoft Word, Microsoft Word Viewer.