Microsoft Excel Memory Corruption Vulnerability Impacting Multiple Versions
CVE-2016-0054

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Sharepoint Foundation; Excel; Excel Viewer; Excel For Mac
Vendor: CVE Published:; 10 February 2016

Summary

A vulnerability exists in Microsoft Excel and related services that allows remote attackers to execute arbitrary code via a specially crafted Office document. This vulnerability affects several versions of Excel, including older versions like Excel 2007, as well as newer iterations and the Excel for Mac variants. Attackers can exploit this issue by enticing users to open such malicious documents, leading to possible unauthorized actions on the user's system.

References

http://www.securitytracker.com/id/1034976

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2016
Vulnerability Reserved
Dec 4, 2015