Elevated Privilege Vulnerability in Microsoft Office Products
CVE-2015-2503

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word; Onenote; Publisher; Powerpoint
Vendor: CVE Published:; 11 November 2015

Summary

This vulnerability allows remote attackers to exploit Microsoft Office products by bypassing the sandbox protection mechanisms through a specially crafted website accessed via Internet Explorer. Successful exploitation could lead to a transition from Low Integrity to Medium Integrity, enabling an attacker to gain extra privileges in the system. The affected products span multiple versions of Microsoft Office, including key applications such as Word, Excel, PowerPoint, and others from 2007 to 2016. Users should apply the latest security updates to mitigate this risk.

References

http://www.securitytracker.com/id/1034117

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id/1034122

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 11, 2015
Vulnerability Reserved
Mar 19, 2015