cvelistv5 - CVE-2015-0063

CVE-2015-0063 (GCVE-0-2015-0063)

Vulnerability from cvelistv5 – Published: 2015-02-11 02:00 – Updated: 2024-08-06 03:55

Summary

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://secunia.com/advisories/62808	third-party-advisoryx_refsource_SECUNIA
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id/1031720	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/72460	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:27.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62808"
          },
          {
            "name": "MS15-012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
          },
          {
            "name": "ms-excel-cve20150063-code-exec(100439)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
          },
          {
            "name": "1031720",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031720"
          },
          {
            "name": "72460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "62808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62808"
        },
        {
          "name": "MS15-012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
        },
        {
          "name": "ms-excel-cve20150063-code-exec(100439)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
        },
        {
          "name": "1031720",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031720"
        },
        {
          "name": "72460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-0063",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62808",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62808"
            },
            {
              "name": "MS15-012",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
            },
            {
              "name": "ms-excel-cve20150063-code-exec(100439)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
            },
            {
              "name": "1031720",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031720"
            },
            {
              "name": "72460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-0063",
    "datePublished": "2015-02-11T02:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:27.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"44BC7B7B-7191-431C-8CAE-83B3F0EFF03E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"971EC323-267F-4DAF-BA3B-10A47A9F1ADA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"94F5E2F8-0D37-4FCC-B55A-9F09C421272C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5E01525C-A3AB-4AB7-82F9-B91E4D552FD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*\", \"matchCriteriaId\": \"E28626D8-AF3A-487F-BAAB-3955E44D2A35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0390EFCA-87B4-42D6-817A-603765F49816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"928192DB-8C38-49BE-83E6-E2C601653E2D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"69998A67-CB15-4217-8AD6-43F9BA3C6454\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*\", \"matchCriteriaId\": \"349E9084-8116-43E9-8B19-CA521C96660D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \\\"Excel Remote Code Execution Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Excel 2007 SP3; las herramientas de pruebas en Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, y RT; Excel Viewer; y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de un documento Office manipulado, tambi\\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\\u00f3n de c\\u00f3digo remoto de Excel.\u0027\"}]",
      "id": "CVE-2015-0063",
      "lastModified": "2024-11-21T02:22:18.050",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-02-11T03:01:06.433",
      "references": "[{\"url\": \"http://secunia.com/advisories/62808\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/72460\", \"source\": \"secure@microsoft.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031720\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100439\", \"source\": \"secure@microsoft.com\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/62808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/72460\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100439\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0063\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2015-02-11T03:01:06.433\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \\\"Excel Remote Code Execution Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Excel 2007 SP3; las herramientas de pruebas en Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, y RT; Excel Viewer; y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de Excel.\u0027\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"44BC7B7B-7191-431C-8CAE-83B3F0EFF03E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"971EC323-267F-4DAF-BA3B-10A47A9F1ADA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"94F5E2F8-0D37-4FCC-B55A-9F09C421272C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5E01525C-A3AB-4AB7-82F9-B91E4D552FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"E28626D8-AF3A-487F-BAAB-3955E44D2A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0390EFCA-87B4-42D6-817A-603765F49816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"928192DB-8C38-49BE-83E6-E2C601653E2D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"69998A67-CB15-4217-8AD6-43F9BA3C6454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*\",\"matchCriteriaId\":\"349E9084-8116-43E9-8B19-CA521C96660D\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/62808\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72460\",\"source\":\"secure@microsoft.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031720\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100439\",\"source\":\"secure@microsoft.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/62808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]}]}}"
  }
}

GHSA-P82H-PR5C-G96W

Vulnerability from github – Published: 2022-05-14 02:29 – Updated: 2022-05-14 02:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0063"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-11T03:01:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\"",
  "id": "GHSA-p82h-pr5c-g96w",
  "modified": "2022-05-14T02:29:40Z",
  "published": "2022-05-14T02:29:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0063"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62808"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72460"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2015-0063

Vulnerability from fkie_nvd - Published: 2015-02-11 03:01 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/62808	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/72460	VDB Entry, Vendor Advisory
secure@microsoft.com	http://www.securitytracker.com/id/1031720	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/100439	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62808	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72460	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031720	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/100439	VDB Entry

Impacted products

Vendor	Product	Version
microsoft	office_compatibility_pack	*
microsoft	excel_viewer	*
microsoft	excel	2007
microsoft	excel	2010
microsoft	excel	2010
microsoft	excel	2013
microsoft	excel	2013
microsoft	office	2010
microsoft	office	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "0390EFCA-87B4-42D6-817A-603765F49816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "928192DB-8C38-49BE-83E6-E2C601653E2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Excel 2007 SP3; las herramientas de pruebas en Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, y RT; Excel Viewer; y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remoto de Excel.\u0027"
    }
  ],
  "id": "CVE-2015-0063",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-02-11T03:01:06.433",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/62808"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/72460"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031720"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/62808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/72460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2015-AVI-063

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Microsoft Office Service Pack 3
Microsoft	Office	Microsoft SharePoint Server 2010
Microsoft	Office	Microsoft Office Web Apps 2010
Microsoft	Office	Microsoft Office 2007 Service Pack 3
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 (éditions 32 bits)
Microsoft	Office	Visionneuse Microsoft Excel
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Visionneuse Microsoft Word
Microsoft	Office	Microsoft Office 2013 RT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-012 du 10 février 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Microsoft Office Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visionneuse Microsoft Excel",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visionneuse Microsoft Word",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0064"
    },
    {
      "name": "CVE-2015-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0063"
    },
    {
      "name": "CVE-2015-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0065"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-063",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-02-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-012 du 10 f\u00e9vrier 2015",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS15-012"
    }
  ]
}

CERTFR-2015-AVI-063

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Microsoft Office Service Pack 3
Microsoft	Office	Microsoft SharePoint Server 2010
Microsoft	Office	Microsoft Office Web Apps 2010
Microsoft	Office	Microsoft Office 2007 Service Pack 3
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 (éditions 32 bits)
Microsoft	Office	Visionneuse Microsoft Excel
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Visionneuse Microsoft Word
Microsoft	Office	Microsoft Office 2013 RT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-012 du 10 février 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Microsoft Office Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visionneuse Microsoft Excel",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visionneuse Microsoft Word",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0064"
    },
    {
      "name": "CVE-2015-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0063"
    },
    {
      "name": "CVE-2015-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0065"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-063",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-02-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-012 du 10 f\u00e9vrier 2015",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS15-012"
    }
  ]
}

GSD-2015-0063

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0063

Aliases

CVE-2015-0063

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0063",
    "description": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\"",
    "id": "GSD-2015-0063"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0063"
      ],
      "details": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\"",
      "id": "GSD-2015-0063",
      "modified": "2023-12-13T01:19:58.431771Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2015-0063",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "62808",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62808"
          },
          {
            "name": "MS15-012",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
          },
          {
            "name": "ms-excel-cve20150063-code-exec(100439)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
          },
          {
            "name": "1031720",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031720"
          },
          {
            "name": "72460",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72460"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-0063"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "72460",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/72460"
            },
            {
              "name": "62808",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/62808"
            },
            {
              "name": "1031720",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1031720"
            },
            {
              "name": "ms-excel-cve20150063-code-exec(100439)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439"
            },
            {
              "name": "MS15-012",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-10-03T15:36Z",
      "publishedDate": "2015-02-11T03:01Z"
    }
  }
}

CNVD-2015-01102

Vulnerability from cnvd - Published: 2015-02-12

Title

Microsoft Word内存破坏漏洞（CNVD-2015-01102）

Description

Microsoft Word是一款微软开发的文字处理系统。 Microsoft Word存在内存破坏漏洞。允许远程攻击者通过一个精心Office文档，执行任意代码或引起拒绝服务(内存崩溃)。

Severity

高

Patch Name

Microsoft Word内存破坏漏洞（CNVD-2015-01102）的补丁

Patch Description

Microsoft Word是一款微软开发的文字处理系统。 Microsoft Word存在内存破坏漏洞。允许远程攻击者通过一个精心Office文档，执行任意代码或引起拒绝服务(内存崩溃)。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://technet.microsoft.com/library/security/ms15-012

Reference

https://technet.microsoft.com/library/security/ms15-012 http://www.securityfocus.com/bid/72460

Impacted products

Name
['Microsoft Excel Viewer null', 'Microsoft Office Compatibility Pack SP3', 'Microsoft Excel 2007 SP3']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72460"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0063"
    }
  },
  "description": "Microsoft Word\u662f\u4e00\u6b3e\u5fae\u8f6f\u5f00\u53d1\u7684\u6587\u5b57\u5904\u7406\u7cfb\u7edf\u3002 \r\n\r\nMicrosoft Word\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u4e00\u4e2a\u7cbe\u5fc3Office\u6587\u6863\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5f15\u8d77\u62d2\u7edd\u670d\u52a1(\u5185\u5b58\u5d29\u6e83)\u3002",
  "discovererName": "Fermin J. Serna of the Google Security Team",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://technet.microsoft.com/library/security/ms15-012",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01102",
  "openTime": "2015-02-12",
  "patchDescription": "Microsoft Word\u662f\u4e00\u6b3e\u5fae\u8f6f\u5f00\u53d1\u7684\u6587\u5b57\u5904\u7406\u7cfb\u7edf\u3002 \r\n\r\nMicrosoft Word\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u4e00\u4e2a\u7cbe\u5fc3Office\u6587\u6863\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5f15\u8d77\u62d2\u7edd\u670d\u52a1(\u5185\u5b58\u5d29\u6e83)\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Word\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2015-01102\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Excel Viewer null",
      "Microsoft Office Compatibility Pack SP3",
      "Microsoft Excel 2007 SP3"
    ]
  },
  "referenceLink": "https://technet.microsoft.com/library/security/ms15-012\r\nhttp://www.securityfocus.com/bid/72460",
  "serverity": "\u9ad8",
  "submitTime": "2015-02-11",
  "title": "Microsoft Word\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2015-01102\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0063 (GCVE-0-2015-0063)

GHSA-P82H-PR5C-G96W

FKIE_CVE-2015-0063

CERTFR-2015-AVI-063

Solution

CERTFR-2015-AVI-063

Solution

GSD-2015-0063

CNVD-2015-01102

Tags

Sightings

Nomenclature