Privilege Escalation Vulnerability in Microsoft Windows and Office Products
CVE-2015-2423

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word; Powerpoint; Excel; Visio
Vendor: CVE Published:; 15 August 2015

Summary

This vulnerability enables remote attackers to escalate privileges and potentially access sensitive information by exploiting crafted command-line parameters within various Microsoft Office applications and Notepad. By leveraging this flaw, attackers can transition from Low Integrity to Medium Integrity contexts, thereby gaining higher privileges on affected systems. This raises significant security concerns for users of Microsoft Windows and its Office suite, underscoring the importance of prompt updates and patches.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1033237

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 15, 2015
Vulnerability Reserved
Mar 19, 2015