CVE-2015-2423

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

14.9%

top 5.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Internet Explorer Microsoft Office +5 more

Timeline

PublishedAug 15

Latest updateMay 14

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 t…

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages7 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/word4 versions+3

▶NVDmicrosoft/excel2007, 2010, 2013+2

▶NVDmicrosoft/visio4 versions+3

▶NVDmicrosoft/powerpoint2007, 2010, 2013+2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-w76h-498m-3wj9: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

CVEList

CVE-2015-2423: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2015-08-15

▶