CVE-2015-0063

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/62808	Vendor Advisory
http://www.securityfocus.com/bid/72460	VDB Entry Vendor Advisory
http://www.securitytracker.com/id/1031720	Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100439	VDB Entry
http://secunia.com/advisories/62808	Vendor Advisory
http://www.securityfocus.com/bid/72460	VDB Entry Vendor Advisory
http://www.securitytracker.com/id/1031720	Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100439	VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:microsoft:excel:2007:sp3::::::
	cpe:2.3:a:microsoft:excel:2010:sp2:::::x64:*
	cpe:2.3:a:microsoft:excel:2010:sp2:::::x86:*
	cpe:2.3:a:microsoft:excel:2013:::::::*
	cpe:2.3:a:microsoft:excel:2013:sp3::::::

Configuration 4 (hide)

OR	cpe:2.3:a:microsoft:office:2010:sp2:x64:::::*
	cpe:2.3:a:microsoft:office:2010:sp2:x86:::::*

History

21 Nov 2024, 02:22

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/62808 - Vendor Advisory~~	() http://secunia.com/advisories/62808 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/72460 - VDB Entry, Vendor Advisory~~	() http://www.securityfocus.com/bid/72460 - VDB Entry, Vendor Advisory
References	~~() http://www.securitytracker.com/id/1031720 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1031720 - Third Party Advisory, VDB Entry
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 - Patch, Vendor Advisory~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 - VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 - VDB Entry

03 Oct 2023, 15:36

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:excel_2013_rt:-:::::::*
References	~~(SECUNIA) http://secunia.com/advisories/62808 -~~	(SECUNIA) http://secunia.com/advisories/62808 - Vendor Advisory
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/100439 - VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/72460 -~~	(BID) http://www.securityfocus.com/bid/72460 - VDB Entry, Vendor Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1031720 -~~	(SECTRACK) http://www.securitytracker.com/id/1031720 - Third Party Advisory, VDB Entry
References	~~(MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 -~~	(MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012 - Patch, Vendor Advisory

Information

Published : 2015-02-11 03:01

Updated : 2024-11-21 02:22

NVD link : CVE-2015-0063

Mitre link : CVE-2015-0063

CVE.ORG link : CVE-2015-0063

JSON object : View

Products Affected

microsoft

office
office_compatibility_pack
excel
excel_viewer

CWE

CWE-399

Resource Management Errors

9.3 /10