CVE-2015-2521
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer - Remote Code Execution
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-2521. PoCs published by Google Security Research.
AI-analyzed exploit summary This exploit demonstrates a type confusion or memory corruption vulnerability in Microsoft Office 2007 (Excel.exe 12.0.6718.5000) by manipulating the CreateTime field of an OLESSDirectoryEntry structure, leading to a crash and potential arbitrary code execution. The PoC includes a minimized crashing file that triggers the issue when the Office File Validation Add-In is disabled.
Description
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Exploits (1)
This exploit demonstrates a type confusion or memory corruption vulnerability in Microsoft Office 2007 (Excel.exe 12.0.6718.5000) by manipulating the CreateTime field of an OLESSDirectoryEntry structure, leading to a crash and potential arbitrary code execution. The PoC includes a minimized crashing file that triggers the issue when the Office File Validation Add-In is disabled.