Security bypass in Microsoft products - CVE-2015-2375
Published: January 31, 2017 / Updated: March 10, 2017
Vulnerability identifier: #VU5561
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-2375
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Excel
Microsoft Office
Microsoft SharePoint Server
Microsoft Excel
Microsoft Office
Microsoft SharePoint Server
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass Address Space Layout Randomization on the target system.
The weakness exists due to insecure memory release. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and bypass ASLR mechanism.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
The weakness exists due to insecure memory release. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and bypass ASLR mechanism.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
How to mitigate CVE-2015-2375
Install update from vendor's website.