CVE-2015-2376: Buffer Overflow
First published: Tue Jul 14 2015(Updated: )
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Excel | =2007-sp3 | |
| Microsoft Office Excel | =2010-sp2 | |
| Microsoft Office Excel | =2010-sp2 | |
| Microsoft Office Excel | =2013-sp1 | |
| Microsoft Office Excel | =2013-sp1 | |
| Microsoft Office Excel Viewer | =2007-sp3 | |
| Microsoft Office for Mac | =2011 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =sp3 | |
| Microsoft SharePoint Designer 2013 | =2007-sp3 | |
| Microsoft SharePoint Designer 2013 | =2010-sp2 | |
| Microsoft SharePoint Designer 2013 | =2013-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2376?
CVE-2015-2376 is classified as a critical vulnerability, allowing remote code execution.
How do I fix CVE-2015-2376?
To fix CVE-2015-2376, apply the security updates provided by Microsoft for the affected versions of Excel and other Microsoft products.
What versions of Microsoft Excel are affected by CVE-2015-2376?
CVE-2015-2376 affects Microsoft Excel 2007 SP3, 2010 SP2, 2013 SP1, and Excel Viewer 2007 SP3, among other associated software.
Can CVE-2015-2376 be exploited without user interaction?
Yes, CVE-2015-2376 can be exploited when a user opens a specially crafted file, which may allow an attacker to execute arbitrary code.
Is there a workaround for CVE-2015-2376?
While updating is the best remedy, temporary workarounds include avoiding opening untrusted Excel files until the vulnerability is patched.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft office excel
- version/microsoft office excel/2007-sp3
- version/microsoft office excel/2010-sp2
- version/microsoft office excel/2013-sp1
- canonical/microsoft office excel viewer
- version/microsoft office excel viewer/2007-sp3
- canonical/microsoft office for mac
- version/microsoft office for mac/2011
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/sp3
- canonical/microsoft sharepoint designer 2013
- version/microsoft sharepoint designer 2013/2007-sp3
- version/microsoft sharepoint designer 2013/2010-sp2
- version/microsoft sharepoint designer 2013/2013-sp1