CVE-2015-1641: Microsoft Word and related products are vulnerable to remote code execution via a crafted RTF document


Description Preview

A memory corruption vulnerability in the processing of RTF documents in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code.

Overview

This vulnerability, identified as CVE-2015-1641, affects multiple versions of Microsoft Word and related products. It enables remote attackers to execute arbitrary code by sending a specially crafted RTF document to a vulnerable system. The vulnerability poses a significant risk as it allows attackers to take control of the affected system remotely.

Remediation

To mitigate the risk associated with CVE-2015-1641, Microsoft has released security updates addressing the vulnerability. Users and organizations are advised to apply the relevant patches provided by Microsoft to protect their systems from potential exploitation. Additionally, it is recommended to exercise caution when opening RTF documents from untrusted sources to prevent potential attacks leveraging this vulnerability.

References

  1. SecurityTracker: CVE-2015-1641
  2. SecurityFocus: CVE-2015-1641
  3. Microsoft Security Bulletin: MS15-033

Early Warning

Armis Early Warning customers received an advance alert on this vulnerability.

Armis Alert Date: Apr 15, 2015
CISA KEV Date: Nov 3, 2021
2394 days early

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Public Administration
  4. Transportation & Warehousing
  5. Educational Services
  6. Arts, Entertainment & Recreation
  7. Retail Trade
  8. Finance and Insurance
  9. Management of Companies & Enterprises
  10. Other Services (except Public Administration)
  11. Professional, Scientific, & Technical Services
  12. Utilities
  13. Information
  14. Real Estate Rental & Leasing
  15. Wholesale Trade
  16. Accommodation & Food Services
  17. Administrative, Support, Waste Management & Remediation Services
  18. Agriculture, Forestry Fishing & Hunting
  19. Construction
  20. Mining

Armis Vulnerability Intelligence Database