CVE-2014-6361

Published Dec 11, 2014

Last updated 6 years ago

CVSS info 9.3

Overview

Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C4CFF7E-7170-4A6B-9A59-9815EE896C62"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2013:*:*:*:rt_gold:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC9DB6E0-B1A1-4652-A943-FDB6A6418576"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53DC2480-5B8D-4E96-BD54-17561B1FFE7F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References