CyberSec.Space Logo
Back to CVE Browser

CVE-2015-2545

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score86.9930%
EPSS Percentile98.65th
PublishedSep 9, 2015
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2010
πŸ“¦
Microsoft

Office

= 2013
πŸ“¦
Microsoft

Office

= 2013
πŸ“¦
Microsoft

Office

= 2016

References & Advisories

πŸ”— http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545
πŸ”— http://www.securitytracker.com/id/1033488
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099
πŸ”— http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545
πŸ”— http://www.securitytracker.com/id/1033488
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2545

Related Vulnerabilities

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...