CVE-2015-2523

Microsoft Excel Remote Code Execution via Crafted Office Document

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2523. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a use-after-free vulnerability in Microsoft Excel 2007, 2010, and 2013. The crash occurs due to a freed heap chunk being accessed, leading to potential remote code execution.

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/38214

This exploit demonstrates a use-after-free vulnerability in Microsoft Excel 2007, 2010, and 2013. The crash occurs due to a freed heap chunk being accessed, leading to potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Excel 2007, 2010, 2013
No auth needed
Prerequisites: Malformed Excel file (XLS)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033488
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38214/

Scores

EPSS 0.3031
EPSS Percentile 98.0%

Details

CWE
CWE-119
Status published
Products (7)
microsoft/excel 2007 sp3
microsoft/excel 2010 sp2 (2 CPE variants)
microsoft/excel 2011
microsoft/excel 2013 sp1 (2 CPE variants)
microsoft/excel 2016
microsoft/excel_viewer
microsoft/office_compatibility_pack
Published Sep 09, 2015
Tracked Since Feb 18, 2026