CVE-2015-6038

2015-11-1111:59:00

CWE-119

[email protected]

web.nvd.nist.gov

excel

microsoft

cve-2015-6038

remote code execution

nvd

security vulnerability

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.809 High

EPSS

Percentile

98.3%

JSON

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2013
microsoft:sharepoint_servermicrosoft sharepoint servereq2007
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:excel_for_macmicrosoft excel for maceq2011
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:excel_for_macmicrosoft excel for maceq2016
microsoft:sharepoint_servermicrosoft sharepoint servereq2013
microsoft:office_compatibility_packmicrosoft office compatibility packeq-
microsoft:excelmicrosoft exceleq2007
microsoft:excelmicrosoft exceleq2010

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2013
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:excel_for_mac	microsoft excel for mac	eq	2011
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:excel_for_mac	microsoft excel for mac	eq	2016
microsoft:sharepoint_server	microsoft sharepoint server	eq	2013
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	-
microsoft:excel	microsoft excel	eq	2007
microsoft:excel	microsoft excel	eq	2010