Sébastien Morin

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions 2007 SP3 through 2016 Word 2016 for Mac Word Viewer **Description** The issue is caused by a buffer overflow in Microsoft Office software, including Word Viewer and Microsoft Word, allowing a remote attacker to execute arbitrary code using a specially crafted file. Multiple remote code execution vulnerabilities exist due to the software's failure to properly handle objects in memory. Successful exploitation could allow an attacker to run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office versions 2007 SP3 through 2016, update to a version that includes the fix for this issue. For Word 2016 for Mac, update to a version that includes the fix for this issue. For Word Viewer, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted files with affected versions of Microsoft Office software until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player (affected versions not specified) **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player (affected versions not specified) **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2007 SP3 through 2016 Microsoft Word version 2016 for Mac Microsoft Office Compatibility Pack version SP3 Microsoft Excel Viewer **Description** The issue is caused by a buffer overflow. Exploitation of this issue may allow a remote attacker to execute arbitrary code using a specially crafted Office document. This can occur when the Office software fails to properly handle objects in memory. If successfully exploited, an attacker could run arbitrary code in the context of the current user. If the current user has administrative user rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2007 SP3 through 2016, update to a version that properly handles objects in memory to prevent arbitrary code execution. For Microsoft Word version 2016 for Mac, update to a version that properly handles objects in memory to prevent arbitrary code execution. For Microsoft Office Compatibility Pack version SP3, update to a version that properly handles objects in memory to prevent arbitrary code execution. For Microsoft Excel Viewer, update to a version that properly handles objects in memory to prevent arbitrary code execution. As a temporary workaround, consider avoiding the use of specially crafted Office documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BEdita versions prior to 3.6.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `cfg[projectName]` parameter to "index.php/admin/saveConfig", the `data[stats provider url]` parameter to "index.php/areas/saveArea", or the `data[description]` parameter to "index.php/areas/saveSection". **Recommendations** For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue.