VYPR
Unrated severity · NVD Advisory · Published Apr 14, 2015 · Updated May 6, 2026

CVE-2015-1651

Description

Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote code execution via a crafted Office document.

Vulnerability

A use-after-free vulnerability exists in Microsoft Word 2007 Service Pack 3 (SP3), Microsoft Word Viewer, and the Microsoft Office Compatibility Pack Service Pack 3 (SP3). The flaw occurs when the affected software parses a specially crafted Office document, leading to improper memory handling. An attacker can trigger the vulnerability by convincing a user to open a malicious file. This issue is addressed in Microsoft Security Bulletin MS15-033 [1].

Exploitation

Exploitation requires an attacker to deliver a crafted Office document to a target user, typically via email or a malicious website. The attacker needs no authenticated access or additional privileges; the only user interaction required is opening the document with the vulnerable software. The use-after-free condition is triggered during parsing, allowing the attacker to control program flow [1].

Impact

Successful exploitation grants the attacker arbitrary code execution in the context of the current user. If the user has administrative rights, the attacker can gain full control of the system, including installing programs, viewing or modifying data, and creating new accounts. The impact is limited to the user's privilege level, but the vulnerability is rated Critical due to the potential for remote code execution without authentication [1].

Mitigation

Microsoft released security update MS15-033 on April 14, 2015, which addresses this vulnerability by correcting how Office parses specially crafted files and handles memory. Users should apply the update for affected software: Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. No workarounds are provided in the bulletin. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
    • (no CPE), range: SP3
  • cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
    • (no CPE)
  • Range: SP3

References

2
