CVE-2015-2375

Published: Jul 14, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability."

Affected (7)

Products: Microsoft: Excel, Sharepoint Server, Excel Viewer

3 products

Sharepoint Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2010 sp2
Microsoft Excel	Version 2010 sp2
Microsoft Excel	Version 2013 sp1
Microsoft Excel	Version 2013 sp1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Server	Version 2010 sp2
Microsoft Sharepoint Server	Version 2013 sp1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel Viewer	Version 2007 sp3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securitytracker.com/id/1032899

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070

Source: secure@microsoft.com

http://www.securitytracker.com/id/1032899

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.