What is CVE-2015-0097?

CVE-2015-0097 is a vulnerability in Microsoft Excel, classified under CWE-19. Published 2015-03-11.

Is CVE-2015-0097 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Excel

CVE-2015-0097

Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code…

EPSS: 0.794 (99.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2007, 2010
Microsoft Powerpoint — versions 2007, 2010
Microsoft Word — versions 2007, 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-19

Public proof-of-concept exploits

References

37657 (exploit, x_refsource_EXPLOIT-DB)
1031896 (vdb-entry, x_refsource_SECTRACK)
MS15-022 (x_refsource_MS, vendor-advisory)

Frequently asked questions

What is CVE-2015-0097?: CVE-2015-0097 is a vulnerability in Microsoft Excel, classified under CWE-19. Published 2015-03-11.
Is CVE-2015-0097 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.