CVE-2015-1641 | Microsoft Office - Word Operational Intel

Executive Risk Summary

"A remote code execution vulnerability exists in Microsoft Office Word due to a memory corruption issue when processing crafted RTF documents. This vulnerability can be exploited by an attacker to execute arbitrary code on the affected system."

Anticipated Attack Path

1. Phishing or social engineering to deliver the crafted RTF document
2. Exploitation of the memory corruption vulnerability in Microsoft Office Word
3. Execution of arbitrary code on the affected system

Am I Vulnerable?

Verify if Microsoft Office Word is installed and if the version is vulnerable
Check for any suspicious RTF documents or attachments
Apply the patch from Microsoft to fix the vulnerability

Operational Audit Arsenal

Target Type Process

Target Asset winword.exe

Standard Path C:\Program Files\Microsoft Office\Root\Office16

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: winword.exe (Process)
$Targets = 'winword.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}