| Vulnerability Name: | CVE-2015-6038 (CCN-106748) | ||||||||
| Assigned: | 2015-11-10 | ||||||||
| Published: | 2015-11-10 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||||||
| CVSS v3 Severity: | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-6038 Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Update for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: BID Type: UNKNOWN 77489 Source: CCN Type: BID-77489 Microsoft Office CVE-2015-6038 Memory Corruption Vulnerability Source: SECTRACK Type: UNKNOWN 1034118 Source: SECTRACK Type: UNKNOWN 1034122 Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-15-543 Source: MS Type: UNKNOWN MS15-116 Source: XF Type: UNKNOWN ms-office-cve20156038-code-exec(106748) Source: CCN Type: ZDI-15-543 Microsoft Office Excel Binary Worksheet Uninitialized Pointer Remote Code Execution Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||