What is the severity of CVE-2015-2503?

CVE-2015-2503 is considered a critical vulnerability due to its potential for exploitation.

How do I fix CVE-2015-2503?

To fix CVE-2015-2503, ensure that you have the latest security updates installed for the affected Microsoft Office products.

What software versions are affected by CVE-2015-2503?

CVE-2015-2503 affects several Microsoft Office products, including Access 2007 and 2010, Excel 2007 and 2010, and others across various versions.

Can CVE-2015-2503 lead to unauthorized access?

Yes, CVE-2015-2503 can allow attackers to execute arbitrary code, potentially granting unauthorized access to sensitive data.

Is there a workaround for CVE-2015-2503?

A practical workaround for CVE-2015-2503 involves disabling macros in Office applications until the software is updated.

Vulnerability/
CVE-2015-2503

critical

9.3

CWE

264

11/11/2015

6/8/2024

CVE-2015-2503

First published: Wed Nov 11 2015(Updated: )

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Access	=2007-sp3
Microsoft Access	=2010-sp2
Microsoft Access	=2013-sp1
Microsoft Access	=2016
Microsoft Excel for Mac	=2007-sp3
Microsoft Excel for Mac	=2010-sp2
Microsoft Excel for Mac	=2010-sp2
Microsoft Excel for Mac	=2013-sp1
Microsoft Excel for Mac	=2013-sp1
Microsoft Excel for Mac	=2016
Microsoft InfoPath	=2007-sp3
Microsoft InfoPath	=2010-sp2
Microsoft InfoPath	=2013-sp1
Microsoft Lync	=2013-sp1
Microsoft Office 2007 IME	=sp3
Microsoft OneNote for Mac	=2007-sp3
Microsoft OneNote for Mac	=2010-sp2
Microsoft OneNote for Mac	=2013-sp1
Microsoft OneNote for Mac	=2013-sp1
Microsoft OneNote for Mac	=2016
Microsoft Pinyin Ime	=2010
Microsoft PowerPoint	=2007-sp3
Microsoft PowerPoint	=2010-sp2
Microsoft PowerPoint	=2013-sp1
Microsoft PowerPoint	=2013-sp1
Microsoft PowerPoint	=2016
Microsoft Project Professional	=2007-sp3
Microsoft Project Professional	=2016
Microsoft Project Server	=2010-sp2
Microsoft Project Server	=2013-sp1
Microsoft Publisher	=2007-sp3
Microsoft Publisher	=2010-sp2
Microsoft Publisher	=2013-sp1
Microsoft Publisher	=2016
Microsoft Skype for Business	=2016
Microsoft Visio Professional	=2007-sp3
Microsoft Visio Professional	=2010-sp2
Microsoft Visio Professional	=2013-sp1
Microsoft Visio Professional	=2016
Microsoft Word for Android	=2007-sp3
Microsoft Word for Android	=2010-sp2
Microsoft Word for Android	=2013-sp1
Microsoft Word for Android	=2013-sp1
Microsoft Word for Android	=2016

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-2503?
CVE-2015-2503 is considered a critical vulnerability due to its potential for exploitation.
How do I fix CVE-2015-2503?
To fix CVE-2015-2503, ensure that you have the latest security updates installed for the affected Microsoft Office products.
What software versions are affected by CVE-2015-2503?
CVE-2015-2503 affects several Microsoft Office products, including Access 2007 and 2010, Excel 2007 and 2010, and others across various versions.
Can CVE-2015-2503 lead to unauthorized access?
Yes, CVE-2015-2503 can allow attackers to execute arbitrary code, potentially granting unauthorized access to sensitive data.
Is there a workaround for CVE-2015-2503?
A practical workaround for CVE-2015-2503 involves disabling macros in Office applications until the software is updated.

agent/references
agent/type
agent/weakness
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/microsoft
canonical/microsoft access
version/microsoft access/2007-sp3
version/microsoft access/2010-sp2
version/microsoft access/2013-sp1
version/microsoft access/2016
canonical/microsoft excel for mac
version/microsoft excel for mac/2007-sp3
version/microsoft excel for mac/2010-sp2
version/microsoft excel for mac/2013-sp1
version/microsoft excel for mac/2016
canonical/microsoft infopath
version/microsoft infopath/2007-sp3
version/microsoft infopath/2010-sp2
version/microsoft infopath/2013-sp1
canonical/microsoft lync
version/microsoft lync/2013-sp1
canonical/microsoft office 2007 ime
version/microsoft office 2007 ime/sp3
canonical/microsoft onenote for mac
version/microsoft onenote for mac/2007-sp3
version/microsoft onenote for mac/2010-sp2
version/microsoft onenote for mac/2013-sp1
version/microsoft onenote for mac/2016
canonical/microsoft pinyin ime
version/microsoft pinyin ime/2010
canonical/microsoft powerpoint
version/microsoft powerpoint/2007-sp3
version/microsoft powerpoint/2010-sp2
version/microsoft powerpoint/2013-sp1
version/microsoft powerpoint/2016
canonical/microsoft project professional
version/microsoft project professional/2007-sp3
version/microsoft project professional/2016
canonical/microsoft project server
version/microsoft project server/2010-sp2
version/microsoft project server/2013-sp1
canonical/microsoft publisher
version/microsoft publisher/2007-sp3
version/microsoft publisher/2010-sp2
version/microsoft publisher/2013-sp1
version/microsoft publisher/2016
canonical/microsoft skype for business
version/microsoft skype for business/2016
canonical/microsoft visio professional
version/microsoft visio professional/2007-sp3
version/microsoft visio professional/2010-sp2
version/microsoft visio professional/2013-sp1
version/microsoft visio professional/2016
canonical/microsoft word for android
version/microsoft word for android/2007-sp3
version/microsoft word for android/2010-sp2
version/microsoft word for android/2013-sp1
version/microsoft word for android/2016

CVE-2015-2503

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-2503?

How do I fix CVE-2015-2503?

What software versions are affected by CVE-2015-2503?

Can CVE-2015-2503 lead to unauthorized access?

Is there a workaround for CVE-2015-2503?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-2503?

How do I fix CVE-2015-2503?

What software versions are affected by CVE-2015-2503?

Can CVE-2015-2503 lead to unauthorized access?

Is there a workaround for CVE-2015-2503?