First published: Wed Dec 09 2015(Updated: )
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office Excel | =2007-sp3 | |
Microsoft Office Excel | =2010-sp2 | |
Microsoft Office Excel | =2010-sp2 | |
Microsoft Excel | =2011 | |
Microsoft Excel | =2016 | |
Microsoft Office Excel Viewer | ||
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-6040 has a critical severity rating due to the potential for remote code execution.
To fix CVE-2015-6040, users should apply the security updates provided by Microsoft for the affected versions of Excel.
CVE-2015-6040 affects Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer.
CVE-2015-6040 can be exploited by remote attackers using crafted Office documents to execute arbitrary code.
There are no known workarounds for CVE-2015-6040 besides applying the security patches from Microsoft.