Lucene search

K
cve[email protected]CVE-2015-2377
HistoryJul 14, 2015 - 9:59 p.m.

CVE-2015-2377

2015-07-1421:59:12
CWE-119
web.nvd.nist.gov
39
cve-2015-2377
microsoft excel
remote code execution
denial of service
memory corruption
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.772

Percentile

98.2%

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

NVD
Node
microsoftexcelMatch2007sp3
OR
microsoftexcelMatch2010sp2x64
OR
microsoftexcelMatch2010sp2x86
OR
microsoftexcelMatch2013sp1
OR
microsoftexcelMatch2013sp1rt
OR
microsoftoffice_compatibility_packsp3
VendorProductVersionCPE
microsoftoffice_compatibility_packcpe:/a:microsoft:office_compatibility_pack::sp3::
microsoftexcel2010cpe:/a:microsoft:excel:2010:sp2::
microsoftexcel2007cpe:/a:microsoft:excel:2007:sp3::
microsoftexcel2013cpe:/a:microsoft:excel:2013:sp1:rt:
microsoftexcel2013cpe:/a:microsoft:excel:2013:sp1::

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.772

Percentile

98.2%