CVE-2015-0063

2015-02-1103:01:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2015-0063

microsoft excel

remote code execution

memory corruption

office document

nvd

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.167 Low

EPSS

Percentile

96.0%

JSON

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Excel Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:excelmicrosoft exceleq2013
microsoft:excelmicrosoft exceleq2007
microsoft:excelmicrosoft exceleq2010
microsoft:officemicrosoft officeeq2010

CPE	Name	Operator	Version
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:excel	microsoft excel	eq	2013
microsoft:excel	microsoft excel	eq	2007
microsoft:excel	microsoft excel	eq	2010
microsoft:office	microsoft office	eq	2010