CVE-2015-0063 — Out-of-bounds Write in Microsoft Excel

CWE-3996 documents5 sources

Severity

9.3CRITICALNVD

EPSS

34.1%

top 3.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Office

Timeline

PublishedFeb 11

Latest updateMay 14

Description

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/excel2007, 2010, 2013+2

▶NVDmicrosoft/office2010

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p82h-pr5c-g96w: Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility↗2022-05-14

▶

CVEList

CVE-2015-0063: Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility↗2015-02-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed↗2015-02-10

▶

Talos

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed↗2015-02-10

▶

💬Community

Bugzilla

CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability↗2015-10-22

▶