Lucene search
MicrosoftCVE-2015-2520HistorySep 09, 2015 - 12:59 a.m.
CVE-2015-2520
2015-09-0900:59:32
CWE-119
microsoft
web.nvd.nist.gov
65
cve-2015-2520
microsoft excel
remote code execution
office document
memory corruption
vulnerability
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.957
Percentile
99.4%
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
Affected configurations
Node
microsoftexcelMatch2007sp3
ORmicrosoftexcelMatch2010sp2x64
ORmicrosoftexcelMatch2010sp2x86
ORmicrosoftexcelMatch2011mac
ORmicrosoftexcelMatch2013sp1
ORmicrosoftexcelMatch2013sp1rt
ORmicrosoftexcelMatch2016mac
ORmicrosoftexcel_viewer
ORmicrosoftoffice_compatibility_packsp3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | excel | 2007 | cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:* |
| microsoft | excel | 2010 | cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:* |
| microsoft | excel | 2010 | cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:* |
| microsoft | excel | 2011 | cpe:2.3:a:microsoft:excel:2011:*:*:*:*:mac:*:* |
| microsoft | excel | 2013 | cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:* |
| microsoft | excel | 2013 | cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:* |
| microsoft | excel | 2016 | cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac:*:* |
| microsoft | excel_viewer | * | cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:* |
| microsoft | office_compatibility_pack | * | cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Microsoft Office 2007 - BIFFRecord Length Use-After-Free
2015-09-16 00:00:00
prion
prion
Memory corruption
2015-09-09 00:59:00
symantec
symantec
Microsoft Office CVE-2015-2520 Memory Corruption Vulnerability
2015-09-08 00:00:00
cvelist
cvelist
CVE-2015-2520
2015-09-09 00:00:00
nvd
nvd
CVE-2015-2520
2015-09-09 00:59:32
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption (MS15-099: CVE-2015-2520)
2015-09-08 00:00:00
nessus
nessus
openvas
openvas
mskb
mskb
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2015-09-15 00:00:00
kaspersky
kaspersky
KLA10661 Multiple vulnerabillities in Microsoft Office
2015-09-08 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.957
Percentile
99.4%
Related for CVE-2015-2520