CVE-2015-2523

Microsoft Excel - Memory Corruption

Title source: rule

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/38214

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033488

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/38214/

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099

Scores

EPSS 0.7402

EPSS Percentile 98.8%

Details

CWE

CWE-119

Status published

Products (7)

microsoft/excel 2007 sp3

microsoft/excel 2010 sp2 (2 CPE variants)

microsoft/excel 2011

microsoft/excel 2013 sp1 (2 CPE variants)

microsoft/excel 2016

microsoft/excel_viewer

microsoft/office_compatibility_pack

Published Sep 09, 2015

Tracked Since Feb 18, 2026