Lucene search

K
cve[email protected]CVE-2015-2375
HistoryJul 14, 2015 - 9:59 p.m.

CVE-2015-2375

2015-07-1421:59:10
CWE-200
web.nvd.nist.gov
36
microsoft
excel
aslr
bypass
vulnerability
cve-2015-2375
nvd
spreadsheet
sharepoint
remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.529

Percentile

97.6%

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka β€œMicrosoft Excel ASLR Bypass Vulnerability.”

Affected configurations

NVD
Node
microsoftexcelMatch2010sp2x64
OR
microsoftexcelMatch2010sp2x86
OR
microsoftexcelMatch2013sp1
OR
microsoftexcelMatch2013sp1rt
Node
microsoftsharepoint_serverMatch2010sp2
OR
microsoftsharepoint_serverMatch2013sp1
Node
microsoftexcel_viewerMatch2007sp3
VendorProductVersionCPE
microsoftexcel2013cpe:/a:microsoft:excel:2013:sp1::
microsoftexcel2010cpe:/a:microsoft:excel:2010:sp2::
microsoftexcel2013cpe:/a:microsoft:excel:2013:sp1:rt:

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.529

Percentile

97.6%