| ID |
CVE-2015-2378
|
| Summary |
Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability." <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a> |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*
-
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*
-
cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.9 (as of 12-10-2018 - 22:09) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS15-070 | | bulletin_url | | | date | 2015-07-14T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 3072620 | | knowledgebase_url | | | severity | Important | | title | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution |
|
| refmap
via4
|
|
| Last major update |
12-10-2018 - 22:09 |
| Published |
14-07-2015 - 21:59 |
| Last modified |
12-10-2018 - 22:09 |
