CVE-2015-6172

CVE Database · CVE-2015-6172

CVE-2015-6172

· N/AModified

CVSS v3.1

N/A

EPSS

54.52%

Published

Dec 9, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."

Weaknesses (CWE)

CWE-20

Affected Products (7)

microsoft · officevulnerable

microsoft · office_compatibility_packvulnerable

microsoft · wordvulnerable

References (4)

http://www.securitytracker.com/id/1034325

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131

http://www.securitytracker.com/id/1034325

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131

KEV Catalog EPSS Scores Vendors All CVEs