CVE-2015-6123

Name of the Vulnerable Software and Affected Versions Microsoft Excel for Mac versions 2011 through 2016

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message. This is possible due to the lack of protection measures for the web page structure in Microsoft Excel. The exploitation of this issue can enable a remote attacker to inject malicious code using a specially crafted email message.

Recommendations For Microsoft Excel for Mac version 2011, update to a version that includes the fix for this issue. For Microsoft Excel for Mac version 2016, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of Outlook for Mac to handle crafted email messages until a patch is available.