CVE-2015-2503
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japonés) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016 y Lync 2013 SP1 permiten a atacantes remotos eludir un mecanismo de protección sandbox y obtener privilegios a través de una página web manipulada a la que se accede con Internet Explorer, según lo demostrado por una transición de Low Integrity a Medium Integrity, también conocida como 'Microsoft Office Elevation of Privilege Vulnerability'.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-03-19 CVE Reserved
- 2015-11-11 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1034117 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034119 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034122 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2007 Search vendor "Microsoft" for product "Access" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2010 Search vendor "Microsoft" for product "Access" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2013 Search vendor "Microsoft" for product "Access" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2016 Search vendor "Microsoft" for product "Access" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2010 Search vendor "Microsoft" for product "Excel" and version "2010" | sp2, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2010 Search vendor "Microsoft" for product "Excel" and version "2010" | sp2, x86 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2013 Search vendor "Microsoft" for product "Excel" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2013 Search vendor "Microsoft" for product "Excel" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2016 Search vendor "Microsoft" for product "Excel" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Infopath Search vendor "Microsoft" for product "Infopath" | 2007 Search vendor "Microsoft" for product "Infopath" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Infopath Search vendor "Microsoft" for product "Infopath" | 2010 Search vendor "Microsoft" for product "Infopath" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Infopath Search vendor "Microsoft" for product "Infopath" | 2013 Search vendor "Microsoft" for product "Infopath" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Lync Search vendor "Microsoft" for product "Lync" | 2013 Search vendor "Microsoft" for product "Lync" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office 2007 Ime Search vendor "Microsoft" for product "Office 2007 Ime" | sp3 Search vendor "Microsoft" for product "Office 2007 Ime" and version "sp3" | ja |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Onenote Search vendor "Microsoft" for product "Onenote" | 2007 Search vendor "Microsoft" for product "Onenote" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Onenote Search vendor "Microsoft" for product "Onenote" | 2010 Search vendor "Microsoft" for product "Onenote" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Onenote Search vendor "Microsoft" for product "Onenote" | 2013 Search vendor "Microsoft" for product "Onenote" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Onenote Search vendor "Microsoft" for product "Onenote" | 2013 Search vendor "Microsoft" for product "Onenote" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Onenote Search vendor "Microsoft" for product "Onenote" | 2016 Search vendor "Microsoft" for product "Onenote" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Pinyin Ime Search vendor "Microsoft" for product "Pinyin Ime" | 2010 Search vendor "Microsoft" for product "Pinyin Ime" and version "2010" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2007 Search vendor "Microsoft" for product "Powerpoint" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2010 Search vendor "Microsoft" for product "Powerpoint" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2013 Search vendor "Microsoft" for product "Powerpoint" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2013 Search vendor "Microsoft" for product "Powerpoint" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2016 Search vendor "Microsoft" for product "Powerpoint" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2016 Search vendor "Microsoft" for product "Project" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Server Search vendor "Microsoft" for product "Project Server" | 2010 Search vendor "Microsoft" for product "Project Server" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Server Search vendor "Microsoft" for product "Project Server" | 2013 Search vendor "Microsoft" for product "Project Server" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2007 Search vendor "Microsoft" for product "Publisher" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2010 Search vendor "Microsoft" for product "Publisher" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2013 Search vendor "Microsoft" for product "Publisher" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2016 Search vendor "Microsoft" for product "Publisher" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Skype For Business Search vendor "Microsoft" for product "Skype For Business" | 2016 Search vendor "Microsoft" for product "Skype For Business" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2007 Search vendor "Microsoft" for product "Visio" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2010 Search vendor "Microsoft" for product "Visio" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2013 Search vendor "Microsoft" for product "Visio" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2016 Search vendor "Microsoft" for product "Visio" and version "2016" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2007 Search vendor "Microsoft" for product "Word" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2010 Search vendor "Microsoft" for product "Word" and version "2010" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2013 Search vendor "Microsoft" for product "Word" and version "2013" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2013 Search vendor "Microsoft" for product "Word" and version "2013" | sp1, rt |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2016 Search vendor "Microsoft" for product "Word" and version "2016" | - |
Affected
| ||||||