CVE-2015-0063 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Microsoft	Office Compatibility Pack	All versions
Microsoft	Excel Viewer	All versions
Microsoft	Excel	2007
Microsoft	Office	2010

Related Weaknesses (CWE)

CWE-399

References

http://secunia.com/advisories/62808Vendor Advisory
http://www.securityfocus.com/bid/72460VDB EntryVendor Advisory
http://www.securitytracker.com/id/1031720Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-01PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100439VDB Entry
http://secunia.com/advisories/62808Vendor Advisory
http://www.securityfocus.com/bid/72460VDB EntryVendor Advisory
http://www.securitytracker.com/id/1031720Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-01PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100439VDB Entry

FAQ

What is CVE-2015-0063?

CVE-2015-0063 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitra...

How severe is CVE-2015-0063?

CVE-2015-0063 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0063?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office Compatibility Pack, Microsoft Excel Viewer, Microsoft Excel, Microsoft Office.