Lucene search

[email protected]CVE-2015-1682

HistoryMay 13, 2015 - 10:59 a.m.

CVE-2015-1682

2015-05-1310:59:13

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-1682

microsoft office

excel

powerpoint

word

sharepoint

sharepoint server

memory corruption vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.894 High

EPSS

Percentile

98.8%

JSON

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2010sp2x64

microsoftexcelMatch2010sp2x86

microsoftexcelMatch2013sp1rt

microsoftexcel_web_appMatch2010sp2

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

microsoftofficeMatch2011mac

microsoftofficeMatch2013sp1

microsoftofficeMatch2013sp1rt

microsoftoffice_web_apps_serverMatch2010sp2

microsoftoffice_web_apps_serverMatch2013sp1

microsoftpowerpointMatch2010sp2

microsoftpowerpointMatch2011mac

microsoftpowerpointMatch2013sp1

microsoftpowerpointMatch2013sp1rt

microsoftpowerpoint_viewerMatch-

microsoftsharepoint_foundationMatch2010sp2

microsoftsharepoint_foundationMatch2013sp1

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013sp1

microsoftwordMatch2010sp2

microsoftwordMatch2011mac

microsoftwordMatch2013sp1

microsoftwordMatch2013sp1rt

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2010
microsoft:excelmicrosoft exceleq2013
microsoft:excel_web_appmicrosoft excel web appeq2010
microsoft:officemicrosoft officeeq2010
microsoft:officemicrosoft officeeq2011
microsoft:officemicrosoft officeeq2013
microsoft:office_web_apps_servermicrosoft office web apps servereq2010
microsoft:office_web_apps_servermicrosoft office web apps servereq2013
microsoft:powerpointmicrosoft powerpointeq2010
microsoft:powerpointmicrosoft powerpointeq2011

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2010
microsoft:excel	microsoft excel	eq	2013
microsoft:excel_web_app	microsoft excel web app	eq	2010
microsoft:office	microsoft office	eq	2010
microsoft:office	microsoft office	eq	2011
microsoft:office	microsoft office	eq	2013
microsoft:office_web_apps_server	microsoft office web apps server	eq	2010
microsoft:office_web_apps_server	microsoft office web apps server	eq	2013
microsoft:powerpoint	microsoft powerpoint	eq	2010
microsoft:powerpoint	microsoft powerpoint	eq	2011