CVE-2015-2415

2015-07-1421:59:32

CWE-119

[email protected]

web.nvd.nist.gov

microsoft

excel

remote code execution

crafted office document

memory corruption

vulnerability

cve-2015-2415

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.594 Medium

EPSS

Percentile

97.8%

JSON

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2007sp3

microsoftexcelMatch2010sp2x86

microsoftexcelMatch2013sp1

microsoftexcelMatch2013sp1rt

microsoftoffice_compatibility_packsp3

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2007
microsoft:excelmicrosoft exceleq2010
microsoft:excelmicrosoft exceleq2013
microsoft:office_compatibility_packmicrosoft office compatibility packeq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2007
microsoft:excel	microsoft excel	eq	2010
microsoft:excel	microsoft excel	eq	2013
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*