CVE-2015-2555

2015-10-1401:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-2555

microsoft excel

remote code execution

vulnerability

nvd

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.77 High

EPSS

Percentile

98.2%

JSON

Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2013
microsoft:excel_for_macmicrosoft excel for maceq2011
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:excel_for_macmicrosoft excel for maceq2016
microsoft:sharepoint_servermicrosoft sharepoint servereq2013
microsoft:excelmicrosoft exceleq2010

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2013
microsoft:excel_for_mac	microsoft excel for mac	eq	2011
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:excel_for_mac	microsoft excel for mac	eq	2016
microsoft:sharepoint_server	microsoft sharepoint server	eq	2013
microsoft:excel	microsoft excel	eq	2010