CVE-2015-2378

Name of the Vulnerable Software and Affected Versions Microsoft Excel 2007 SP3 Microsoft Excel 2010 SP2 Microsoft Excel Viewer 2007 SP3 Microsoft Office Compatibility Pack SP3

Description A remote code execution issue exists due to improper handling of dynamic link library (DLL) files by Microsoft Excel. This allows an attacker to gain complete control of an affected system by placing a specially crafted DLL file in the target user's current working directory and convincing the user to launch a program that loads the malicious DLL. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel 2007 SP3, update to a version that properly handles DLL loading to prevent exploitation. For Microsoft Excel 2010 SP2, update to a version that properly handles DLL loading to prevent exploitation. For Microsoft Excel Viewer 2007 SP3, update to a version that properly handles DLL loading to prevent exploitation. For Microsoft Office Compatibility Pack SP3, update to a version that properly handles DLL loading to prevent exploitation.