cvelistv5 - cve-2015-2375

CVE-2015-2375 (GCVE-0-2015-2375)

Vulnerability from cvelistv5 – Published: 2015-07-14 21:00 – Updated: 2024-08-06 05:10

Summary

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1032899	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:16.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032899",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032899"
          },
          {
            "name": "MS15-070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1032899",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032899"
        },
        {
          "name": "MS15-070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032899",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032899"
            },
            {
              "name": "MS15-070",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-2375",
    "datePublished": "2015-07-14T21:00:00",
    "dateReserved": "2015-03-19T00:00:00",
    "dateUpdated": "2024-08-06T05:10:16.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5E01525C-A3AB-4AB7-82F9-B91E4D552FD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*\", \"matchCriteriaId\": \"E28626D8-AF3A-487F-BAAB-3955E44D2A35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F564117D-450D-45C4-9688-AF35F630A8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\", \"matchCriteriaId\": \"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F33176-442C-4EFF-8EA0-C640D203B939\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4635DA5-27DA-43FF-92AC-A9F80218A2F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \\\"Microsoft Excel ASLR Bypass Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services en SharePoint Server 2010 SP2, y Excel Service en SharePoint Server 2013 SP1 permiten a atacantes remotos eludir el mecanismo de protecci\\u00f3n ASLR a trav\\u00e9s de una hoja de c\\u00e1lculo manipulada, tambi\\u00e9n conocida como \\u201cVulnerabilidad de evasi\\u00f3n de Microsoft Excel ASLR.\\u201d\"}]",
      "id": "CVE-2015-2375",
      "lastModified": "2024-11-21T02:27:18.457",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-07-14T21:59:10.440",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1032899\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2375\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2015-07-14T21:59:10.440\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \\\"Microsoft Excel ASLR Bypass Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services en SharePoint Server 2010 SP2, y Excel Service en SharePoint Server 2013 SP1 permiten a atacantes remotos eludir el mecanismo de protecci\u00f3n ASLR a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocida como \u201cVulnerabilidad de evasi\u00f3n de Microsoft Excel ASLR.\u201d\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5E01525C-A3AB-4AB7-82F9-B91E4D552FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"E28626D8-AF3A-487F-BAAB-3955E44D2A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F564117D-450D-45C4-9688-AF35F630A8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F33176-442C-4EFF-8EA0-C640D203B939\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4635DA5-27DA-43FF-92AC-A9F80218A2F0\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1032899\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1032899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2015-2375

Vulnerability from fkie_nvd - Published: 2015-07-14 21:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	secure@microsoft.com	http://www.securitytracker.com/id/1032899
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032899
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070

Impacted products

Vendor	Product	Version
microsoft	excel	2010
microsoft	excel	2010
microsoft	excel	2013
microsoft	excel	2013
microsoft	sharepoint_server	2010
microsoft	sharepoint_server	2013
microsoft	excel_viewer	2007

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services en SharePoint Server 2010 SP2, y Excel Service en SharePoint Server 2013 SP1 permiten a atacantes remotos eludir el mecanismo de protecci\u00f3n ASLR a trav\u00e9s de una hoja de c\u00e1lculo manipulada, tambi\u00e9n conocida como \u201cVulnerabilidad de evasi\u00f3n de Microsoft Excel ASLR.\u201d"
    }
  ],
  "id": "CVE-2015-2375",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-14T21:59:10.440",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1032899"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2015-AVI-297

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Office 2013 RT
Microsoft	Office	SharePoint Server 2013
Microsoft	Office	SharePoint Server 2010
Microsoft	Office	Office pour Mac
Microsoft	Office	Office 2010
Microsoft	Office	Excel Viewer
Microsoft	Office	Office 2013
Microsoft	Office	Office 2007
Microsoft	Office	SharePoint Server 2007
Microsoft	Office	Word Viewer

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-070 du 14 juillet 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Office 2013 RT",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2013",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Excel Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2013",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2007",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2007",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2377"
    },
    {
      "name": "CVE-2015-2376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2376"
    },
    {
      "name": "CVE-2015-2380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2380"
    },
    {
      "name": "CVE-2015-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2379"
    },
    {
      "name": "CVE-2015-2415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2415"
    },
    {
      "name": "CVE-2015-2424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2424"
    },
    {
      "name": "CVE-2015-2375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2375"
    },
    {
      "name": "CVE-2015-2378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2378"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-297",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-070 du 14 juillet 2015",
      "url": "https://technet.microsoft.com/en-us/library/security/MS15-070"
    }
  ]
}

CERTFR-2015-AVI-297

Vulnerability from certfr_avis - Published: - Updated:

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Office 2013 RT
Microsoft	Office	SharePoint Server 2013
Microsoft	Office	SharePoint Server 2010
Microsoft	Office	Office pour Mac
Microsoft	Office	Office 2010
Microsoft	Office	Excel Viewer
Microsoft	Office	Office 2013
Microsoft	Office	Office 2007
Microsoft	Office	SharePoint Server 2007
Microsoft	Office	Word Viewer

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-070 du 14 juillet 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Office 2013 RT",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2013",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Excel Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2013",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2007",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2007",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2377"
    },
    {
      "name": "CVE-2015-2376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2376"
    },
    {
      "name": "CVE-2015-2380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2380"
    },
    {
      "name": "CVE-2015-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2379"
    },
    {
      "name": "CVE-2015-2415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2415"
    },
    {
      "name": "CVE-2015-2424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2424"
    },
    {
      "name": "CVE-2015-2375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2375"
    },
    {
      "name": "CVE-2015-2378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2378"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-297",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-070 du 14 juillet 2015",
      "url": "https://technet.microsoft.com/en-us/library/security/MS15-070"
    }
  ]
}

CNVD-2015-04677

Vulnerability from cnvd - Published: 2015-07-21

Title

Microsoft Excel ASLR绕过漏洞

Description

Microsoft Excel、Excel Viewer和SharePoint Server都是美国微软（Microsoft）公司的产品。Excel是Office套件中的一款电子表格处理软件。Excel Viewer是一套免费的Office Excel电子表格查看器。SharePoint Server是一套企业业务协作平台。 Microsoft Excel中存在安全漏洞。远程攻击者可借助特制的电子表格利用该漏洞绕过ASLR保护机制。

Severity

中

Patch Name

Microsoft Excel ASLR绕过漏洞的补丁

Patch Description

Microsoft Excel、Excel Viewer和SharePoint Server都是美国微软（Microsoft）公司的产品。Excel是Office套件中的一款电子表格处理软件。Excel Viewer是一套免费的Office Excel电子表格查看器。SharePoint Server是一套企业业务协作平台。Microsoft Excel中存在安全漏洞。远程攻击者可借助特制的电子表格利用该漏洞绕过ASLR保护机制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://technet.microsoft.com/security/bulletin/MS15-070

Reference

http://technet.microsoft.com/security/bulletin/MS15-070

Impacted products

Name
['Microsoft Excel 2010 SP2', 'Microsoft Excel 2013 SP1', 'Microsoft Excel 2013 RT SP1', 'Microsoft Office Excel Viewer 2007 SP3', 'Microsoft Excel Services on SharePoint Server 2010 SP2', 'Microsoft Excel Services on SharePoint Server 2013 SP1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2375"
    }
  },
  "description": "Microsoft Excel\u3001Excel Viewer\u548cSharePoint Server\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Excel\u662fOffice\u5957\u4ef6\u4e2d\u7684\u4e00\u6b3e\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002Excel Viewer\u662f\u4e00\u5957\u514d\u8d39\u7684Office Excel\u7535\u5b50\u8868\u683c\u67e5\u770b\u5668\u3002SharePoint Server\u662f\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMicrosoft Excel\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7535\u5b50\u8868\u683c\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7ASLR\u4fdd\u62a4\u673a\u5236\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS15-070",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04677",
  "openTime": "2015-07-21",
  "patchDescription": "Microsoft Excel\u3001Excel Viewer\u548cSharePoint Server\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Excel\u662fOffice\u5957\u4ef6\u4e2d\u7684\u4e00\u6b3e\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002Excel Viewer\u662f\u4e00\u5957\u514d\u8d39\u7684Office Excel\u7535\u5b50\u8868\u683c\u67e5\u770b\u5668\u3002SharePoint Server\u662f\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002Microsoft Excel\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7535\u5b50\u8868\u683c\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7ASLR\u4fdd\u62a4\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Excel ASLR\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Excel 2010 SP2",
      "Microsoft Excel 2013 SP1",
      "Microsoft Excel 2013 RT  SP1",
      "Microsoft Office Excel Viewer 2007 SP3",
      "Microsoft Excel Services on SharePoint Server 2010 SP2",
      "Microsoft Excel Services on SharePoint Server 2013 SP1"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS15-070",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-16",
  "title": "Microsoft Excel ASLR\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2015-2375

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2375

Aliases

CVE-2015-2375

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2375",
    "description": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\"",
    "id": "GSD-2015-2375"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2375"
      ],
      "details": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\"",
      "id": "GSD-2015-2375",
      "modified": "2023-12-13T01:20:00.369079Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2015-2375",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032899",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032899"
          },
          {
            "name": "MS15-070",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-2375"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032899",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032899"
            },
            {
              "name": "MS15-070",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:09Z",
      "publishedDate": "2015-07-14T21:59Z"
    }
  }
}

GHSA-M92J-XXJX-Q8GH

Vulnerability from github – Published: 2022-05-14 02:28 – Updated: 2022-05-14 02:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-14T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka \"Microsoft Excel ASLR Bypass Vulnerability.\"",
  "id": "GHSA-m92j-xxjx-q8gh",
  "modified": "2022-05-14T02:28:20Z",
  "published": "2022-05-14T02:28:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2375"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-070"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032899"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2375 (GCVE-0-2015-2375)

FKIE_CVE-2015-2375

CERTFR-2015-AVI-297

Contournement provisoire

CERTFR-2015-AVI-297

Contournement provisoire

CNVD-2015-04677

GSD-2015-2375

GHSA-M92J-XXJX-Q8GH

Tags

Sightings

Nomenclature