What is CVE-2015-2423?

CVE-2015-2423 is a vulnerability in Microsoft Excel, classified under Information Disclosure. Published 2015-08-15.

Is CVE-2015-2423 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Microsoft Excel

CVE-2015-2423

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP…

Vulnerability class: Information Disclosure

EPSS: 0.149 (94.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2007, 2010, 2013
Microsoft Internet_explorer — versions 7, 8, 9
Microsoft Office — versions 2010
Microsoft Powerpoint — versions 2007, 2010, 2013
Microsoft Visio — versions 2007, 2010, 2013
Microsoft Windows_10
Microsoft Windows_7
Microsoft Windows_8
Microsoft Windows_8.1
Microsoft Windows_rt

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

MS15-081 (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
1033237 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
MS15-088 (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
1033248 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
MS15-079 (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
1033239 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-2423?: CVE-2015-2423 is a vulnerability in Microsoft Excel, classified under Information Disclosure. Published 2015-08-15.
Is CVE-2015-2423 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.