CVE-2015-2558

2015-10-1401:59:13

microsoft

web.nvd.nist.gov

cve-2015-2558

use-after-free

microsoft excel

remote code execution

memory corruption

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.646

Percentile

97.9%

JSON

Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2007sp3

microsoftexcelMatch2010sp2x64

microsoftexcelMatch2010sp2x86

microsoftexcelMatch2013sp1

microsoftexcelMatch2013sp1rt

microsoftexcelMatch2016

microsoftexcel_for_macMatch2011

microsoftexcel_for_macMatch2016

microsoftexcel_viewer

microsoftoffice_compatibility_packsp3

microsoftoffice_sharepoint_serverMatch2007sp3x32

microsoftoffice_sharepoint_serverMatch2007sp3x64

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013sp1

VendorProductVersionCPE
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*
microsoftexcel2016cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
microsoftexcel_for_mac2011cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*
microsoftexcel_for_mac2016cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*
microsoftexcel_viewer*cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp3::::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2:::::x64:*
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2:::::x86:*
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1::::::
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::*
microsoft	excel	2016	cpe:2.3:a:microsoft:excel:2016:::::::*
microsoft	excel_for_mac	2011	cpe:2.3:a:microsoft:excel_for_mac:2011:::::::*
microsoft	excel_for_mac	2016	cpe:2.3:a:microsoft:excel_for_mac:2016:::::::*
microsoft	excel_viewer	*	cpe:2.3:a:microsoft:excel_viewer::::::::
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*