CVE-2015-6094

2015-11-1112:59:00

CWE-119

[email protected]

web.nvd.nist.gov

microsoft

excel

remote code execution

vulnerability

cve-2015-6094

nvd

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.809 High

EPSS

Percentile

98.3%

JSON

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2013
microsoft:excelmicrosoft exceleq2016
microsoft:excel_for_macmicrosoft excel for maceq2011
microsoft:excel_for_macmicrosoft excel for maceq2016
microsoft:sharepoint_servermicrosoft sharepoint servereq2013
microsoft:excelmicrosoft exceleq2010

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2013
microsoft:excel	microsoft excel	eq	2016
microsoft:excel_for_mac	microsoft excel for mac	eq	2011
microsoft:excel_for_mac	microsoft excel for mac	eq	2016
microsoft:sharepoint_server	microsoft sharepoint server	eq	2013
microsoft:excel	microsoft excel	eq	2010