VYPR
Unrated severity · NVD Advisory · Published Aug 15, 2015 · Updated May 6, 2026

CVE-2015-2470

Description

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer underflow in Microsoft Office allows remote code execution via a crafted document, affecting multiple Office versions.

Vulnerability

CVE-2015-2470 is an integer underflow vulnerability in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer. The flaw exists in how Office handles integer bounds checking when processing specially crafted documents, leading to memory corruption [1]. The crash was reproduced in Office 2007 with the File Validation Add-In disabled and Application Verifier enabled [2].

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted Office document. No authentication or special network position is required; the attack vector is remote via email or web hosting. The crash observed in Office 2007 shows a read access violation at MSPTLS!LssbFIsSublineEmpty+0xa327 due to an integer underflow that corrupts memory [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current user. If the user has administrative privileges, the attacker can gain full control of the system, including installing programs; viewing, changing, or deleting data; or creating new accounts [1].

Mitigation

Microsoft released security update MS15-081 (KB3080790) on August 11, 2015, which addresses this vulnerability by correcting how Office handles integer bounds checking [1]. Users should apply the update via Windows Update or direct download. No workarounds are documented, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Microsoft/Office (4 versions)
    • cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
    • cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
    • cpe:2.3:a:microsoft:office:2011:*:*:*:mac:*:*:*
    • cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

References

3
