CVE-2015-0097

HIGH Year: 2015
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-19
View all →

Vulnerability Description

Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability."

Related Vulnerabilities

CVE-2012-5357

CRITICAL
CVSS:9.8(Critical)

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE p...

CWE-192012

CVE-2012-5358

CRITICAL
CVSS:9.8(Critical)

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary...

CWE-192012

CVE-2014-10039

CRITICAL
CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will caus...

CWE-192014

CVE-2014-9693

CRITICAL
CVSS:9.8(Critical)

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R0...

CWE-192014

CVE-2015-3991

CRITICAL
CVSS:9.8(Critical)

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

CWE-192015

CVE-2015-5344

CRITICAL
CVSS:9.8(Critical)

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

CWE-192015