CVE-2015-2378

3 documents3 sources

Severity

6.9MEDIUM

EPSS

6.2%

top 9.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel Viewer

Timeline

PublishedJul 14

Latest updateMay 14

Description

Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability."

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/excel_viewer2007

▶NVDmicrosoft/excel2007, 2010+1

🔴Vulnerability Details

GHSA

GHSA-2w29-v996-wm97: Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local↗2022-05-14

▶

CVEList

CVE-2015-2378: Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local↗2015-07-14

▶