Lucene search

MicrosoftCVE-2015-0085

HistoryMar 11, 2015 - 10:59 a.m.

CVE-2015-0085

2015-03-1110:59:12

microsoft

web.nvd.nist.gov

cve-2015-0085

microsoft office

remote code execution

vulnerability

use-after-free

nvd

security advisory

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.908

Percentile

98.9%

JSON

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Component Use After Free Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2007sp3

microsoftexcelMatch2010sp2x86

microsoftexcel_viewer

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

microsoftofficeMatch2013gold

microsoftofficeMatch2013rt_gold

microsoftofficeMatch2013sp1

microsoftoffice_compatibility_packsp3

microsoftoffice_web_apps_serverMatch2010sp2

microsoftoffice_web_apps_serverMatch2013gold

microsoftoffice_web_apps_serverMatch2013sp1

microsoftpowerpointMatch2007sp3

microsoftpowerpointMatch2010sp2

microsoftsharepoint_foundationMatch2010sp2

microsoftsharepoint_foundationMatch2013--gold

microsoftsharepoint_foundationMatch2013sp1

microsoftsharepoint_serverMatch2007sp3

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013--gold

microsoftsharepoint_serverMatch2013sp1

microsoftsharepoint_servicesMatch3.0sp3

microsoftweb_applicationsMatch2010sp2

microsoftwordMatch2007sp3

microsoftwordMatch2010sp2

microsoftwordMatch2013gold

microsoftwordMatch2013rt_gold

microsoftwordMatch2013sp1

VendorProductVersionCPE
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*
microsoftexcel_viewer*cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp3::::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2:::::x86:*
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2::::x86::*
microsoft	excel_viewer	*	cpe:2.3:a:microsoft:excel_viewer::::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:::::x64:*
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:::::x86:*
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013::::gold:::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013::::rt_gold:::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013:sp1::::::
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*