CWE
264
Advisory Published
Updated

CVE-2015-2503

First published: Wed Nov 11 2015(Updated: )

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

Credit: secure@microsoft.com

Affected SoftwareAffected VersionHow to fix
Microsoft Access=2007-sp3
Microsoft Access=2010-sp2
Microsoft Access=2013-sp1
Microsoft Access=2016
Microsoft Excel=2007-sp3
Microsoft Excel=2010-sp2
Microsoft Excel=2010-sp2
Microsoft Excel=2013-sp1
Microsoft Excel=2013-sp1
Microsoft Excel=2016
Microsoft InfoPath=2007-sp3
Microsoft InfoPath=2010-sp2
Microsoft InfoPath=2013-sp1
Microsoft Lync=2013-sp1
Microsoft Office 2007 Ime=sp3
Microsoft OneNote=2007-sp3
Microsoft OneNote=2010-sp2
Microsoft OneNote=2013-sp1
Microsoft OneNote=2013-sp1
Microsoft OneNote=2016
Microsoft Pinyin Ime=2010
Microsoft PowerPoint=2007-sp3
Microsoft PowerPoint=2010-sp2
Microsoft PowerPoint=2013-sp1
Microsoft PowerPoint=2013-sp1
Microsoft PowerPoint=2016
Microsoft Project=2007-sp3
Microsoft Project=2016
Microsoft Project Server=2010-sp2
Microsoft Project Server=2013-sp1
Microsoft Publisher=2007-sp3
Microsoft Publisher=2010-sp2
Microsoft Publisher=2013-sp1
Microsoft Publisher=2016
Microsoft Skype for Business=2016
Microsoft Visio=2007-sp3
Microsoft Visio=2010-sp2
Microsoft Visio=2013-sp1
Microsoft Visio=2016
Microsoft Word=2007-sp3
Microsoft Word=2010-sp2
Microsoft Word=2013-sp1
Microsoft Word=2013-sp1
Microsoft Word=2016

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203