|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-07-14 | |
| Rule Name: | Microsoft Excel ASLR Bypass Vulnerability (CVE-2015-2375) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability." | |
| Impact: | ASLR is the abbreviation of address space layout randomization, it is a technology to prevent buffer overflow attempt. The ASLR technoloy in the affected product can be bypassed by an attacker, which may occur buffer overflow attacks or arbitrary code execution. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:MS15-070 |
|
| Solutions |
|---|
| Microsoft has released a patch MS15-070 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/security/bulletin/MS15-070 |