Skip to main content
CVE-2015-1642 HIGH KEV PATCH THREAT Act Now

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 72.9%.

Buffer Overflow Microsoft RCE Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
72.9%
Threat
5.2
CVE-2015-2468 CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +5
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
71.8%
Threat
5.5
CVE-2015-2469 CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.2%.

RCE Buffer Overflow Microsoft Office Word
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
69.2%
Threat
5.4
CVE-2015-2467 CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.2%.

RCE Buffer Overflow Microsoft Office
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
69.2%
Threat
5.4
CVE-2015-1769 MEDIUM POC KEV PATCH THREAT Act Now

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation Microsoft RCE
NVD VulDB
CVSS 3.1
6.6
EPSS
31.8%
Threat
5.3
CVE-2015-2470 CRITICAL POC THREAT Emergency

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.8%.

RCE Microsoft Office Word Word Viewer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
66.8%
Threat
5.4
CVE-2015-2431 CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.7%.

RCE Microsoft Live Meeting Lync Lync Basic +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
64.7%
Threat
5.3
CVE-2015-2459 CRITICAL POC PATCH THREAT Act Now

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 54.7%.

Adobe RCE Microsoft Windows 10 Windows 7 +7
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
54.7%
Threat
5.0
CVE-2015-2458 CRITICAL POC PATCH THREAT Act Now

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 54.7%.

Adobe RCE Microsoft Windows 10 Windows 7 +7
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
54.7%
Threat
5.0
CVE-2015-2455 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
53.2%
Threat
5.0
CVE-2015-2460 CRITICAL POC PATCH THREAT Act Now

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 51.8%.

Adobe RCE Microsoft Net Framework
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
51.8%
Threat
4.9
CVE-2015-2432 CRITICAL POC PATCH THREAT Act Now

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 50.6%.

Adobe RCE Microsoft Windows 7 Windows 8 +6
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
50.6%
Threat
4.9
CVE-2015-2464 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
48.1%
Threat
4.8
CVE-2015-2462 CRITICAL POC PATCH THREAT Act Now

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

Adobe RCE Microsoft Net Framework Windows 10 +8
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
41.5%
Threat
4.6
CVE-2015-2456 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
41.5%
Threat
4.6
CVE-2015-2461 CRITICAL POC PATCH THREAT Act Now

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.1%.

Adobe RCE Microsoft Windows 10 Windows 7 +7
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
41.1%
Threat
4.6
CVE-2015-2463 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
38.6%
Threat
4.5
CVE-2015-2481 CRITICAL Emergency

The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 39.1% and no vendor patch available.

RCE Privilege Escalation Microsoft Net Framework
NVD
CVSS 2.0
9.3
EPSS
39.1%
CVE-2015-2480 CRITICAL Emergency

The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 39.1% and no vendor patch available.

RCE Privilege Escalation Microsoft Net Framework
NVD
CVSS 2.0
9.3
EPSS
39.1%
CVE-2015-2479 CRITICAL Emergency

The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 39.1% and no vendor patch available.

RCE Privilege Escalation Microsoft Net Framework
NVD
CVSS 2.0
9.3
EPSS
39.1%
CVE-2015-2466 CRITICAL Emergency

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 39.1% and no vendor patch available.

RCE Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
39.1%
CVE-2015-2477 CRITICAL Emergency

Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Word Viewer
NVD
CVSS 2.0
9.3
EPSS
37.5%
CVE-2015-2474 CRITICAL Emergency

Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.6% and no vendor patch available.

RCE Buffer Overflow Microsoft Windows Server 2008 Windows Vista
NVD
CVSS 2.0
9.0
EPSS
34.6%
CVE-2015-2473 CRITICAL Emergency

Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.8% and no vendor patch available.

RCE Microsoft Windows 7 Windows Server 2008
NVD
CVSS 2.0
9.3
EPSS
31.8%
CVE-2015-2435 CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD
CVSS 2.0
9.3
EPSS
30.2%
CVE-2015-2433 LOW POC PATCH THREAT Monitor

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 17.6%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 +6
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
17.6%
CVE-2015-2471 MEDIUM This Month

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.5% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
31.5%
CVE-2015-2430 CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
9.3
EPSS
5.3%
CVE-2015-2429 CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
9.3
EPSS
5.3%
CVE-2015-2434 MEDIUM This Month

Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 25.8% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
25.8%
CVE-2015-2476 LOW PATCH Monitor

The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 27.9%.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
2.6
EPSS
27.9%
CVE-2015-2423 MEDIUM PATCH This Month

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.9%.

Information Disclosure Microsoft Excel Office Powerpoint +12
NVD
CVSS 2.0
4.3
EPSS
14.9%
CVE-2015-2440 MEDIUM This Month

Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
12.6%
CVE-2015-2420 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6%.

XSS Microsoft System Center Operations Manager
NVD
CVSS 2.0
4.3
EPSS
12.6%
CVE-2015-2475 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.3% and no vendor patch available.

XSS Microsoft Biztalk Server Windows Server 2008
NVD
CVSS 2.0
4.3
EPSS
10.3%
CVE-2015-2453 MEDIUM PATCH This Month

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 +6
NVD
CVSS 2.0
4.7
EPSS
3.8%
CVE-2015-2472 MEDIUM PATCH This Month

Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 +6
NVD
CVSS 2.0
4.3
EPSS
3.3%
CVE-2015-2428 LOW PATCH Monitor

Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
2.1
EPSS
1.1%
CVE-2015-2454 LOW PATCH Monitor

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
2.1
EPSS
1.0%
CVE-2015-2465 LOW PATCH Monitor

The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 +6
NVD
CVSS 2.0
2.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy