CVE-2015-2377
Microsoft Excel 2007/2010/2013 & Office Compatibility Pack - Remote Code Execution via Crafted Document
Title source: llmDescription
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032899
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070
Scores
EPSS
0.1360
EPSS Percentile
96.0%
Details
CWE
CWE-119
Status
published
Products (4)
microsoft/excel
2007 sp3
microsoft/excel
2010 sp2 (2 CPE variants)
microsoft/excel
2013 sp1 (2 CPE variants)
microsoft/office_compatibility_pack
Published
Jul 14, 2015
Tracked Since
Feb 18, 2026