CVE-2015-2377Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
37.5%
top 2.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedJul 14
Latest updateMay 14

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/excel2007, 2010, 2013+2

🔴Vulnerability Details

2
GHSA
GHSA-8ghq-5mq6-6g57: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbit2022-05-14
CVEList
CVE-2015-2377: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbit2015-07-14

🕵️Threat Intelligence

2
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-21-2015
Zscaler
Zscaler found IE & MS Office Vulnerabilities | 07-14-2015
CVE-2015-2377 — Microsoft Excel vulnerability | cvebase