Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2015-2503

Published: 11/11/2015 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote malicious users to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft access 2007

microsoft access 2010

microsoft excel 2013

microsoft excel 2016

microsoft onenote 2013

microsoft powerpoint 2016

microsoft access 2013

microsoft access 2016

microsoft infopath 2007

microsoft infopath 2010

microsoft onenote 2016

microsoft pinyin ime 2010

microsoft project 2016

microsoft project server 2010

microsoft visio 2007

microsoft visio 2010

microsoft visio 2013

microsoft excel 2010

microsoft onenote 2007

microsoft onenote 2010

microsoft powerpoint 2013

microsoft publisher 2010

microsoft publisher 2013

microsoft word 2010

microsoft word 2013

microsoft project 2007

microsoft publisher 2016

microsoft skype for business 2016

microsoft word 2016

microsoft excel 2007

microsoft infopath 2013

microsoft lync 2013

microsoft office 2007 ime sp3

microsoft powerpoint 2007

microsoft powerpoint 2010

microsoft project server 2013

microsoft publisher 2007

microsoft visio 2016

microsoft word 2007

References

CWE-264http://www.securitytracker.com/id/1034122http://www.securitytracker.com/id/1034119http://www.securitytracker.com/id/1034117https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook