Morphisec Cybersecurity Blog

CVE-2015-2545 Still Being Exploited, Still Can’t Get Past Morphisec

Written by Morphisec Team | May 31, 2016 at 8:04 PM

CVE-2015-2545 is the vulnerability that just keeps on giving. First spotted in August 2015, in a targeted attack by the Platinum Group, it allows attackers to bypass system memory protections via a malicious EPS image file embedded in a Microsoft Office document. Morphisec’s Michael Gorelik published a detailed technical analysis at the PostScript Abstraction Level back in February, when it popped up again in connection with attacks against Indian governmental agencies.


Microsoft patched the flaw in November 2015, but cyber criminals and APT groups continue to successfully use the exploit to gain a foothold in targeted systems. Not surprising given the difficulties many organizations have keeping up with patching. Kaspersky Labs recently reported that the use of the CVE-2015-2545 is increasing, in new variants that go undetected by most antivirus systems, as part of increasingly sophisticated attacks.

Morphisec customers have no reason to worry. In any variant, Morphisec stops the attack at the very beginning of the killchain. It’s almost anti-climactic: The attackers work so hard to create a clever chain of events but they never even get off the ground.

Enjoy the brief action in this real-time video and catch a glimpse of the recently released version of our management console.