PT-2015-5733 · Microsoft · Excel Viewer
Published: 2015-07-14 · Updated: 2018-10-12 · CVE-2015-2375
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Excel versions 2010 SP2 through 2013 SP1
Excel Viewer version 2007 SP3
Excel Services on SharePoint Server versions 2010 SP2 through 2013 SP1
Description
A security feature bypass issue exists in Microsoft Excel that allows remote attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Used in conjunction with another vulnerability, such as a remote code execution vulnerability, the bypass could potentially allow remote code execution. The issue arises when memory is released in an unintended manner. Exploitation requires a user to open a specially crafted Excel file with an affected version of Microsoft Office software.
Recommendations
For Microsoft Excel versions 2010 SP2 through 2013 SP1, update to a version that includes the fix for this issue.
For Excel Viewer version 2007 SP3, update to a version that includes the fix for this issue.
For Excel Services on SharePoint Server versions 2010 SP2 through 2013 SP1, update to a version that includes the fix for this issue.
As a temporary workaround, consider avoiding the use of Excel table Tag functionality until a patch is available.
Restrict access to specially crafted Excel files to minimize the risk of exploitation.
Fix
RCE
Information Disclosure
Affected Products
Excel Services
Excel Viewer
Office Excel
SharePoint Server