PT-2015-1169 · Microsoft · Office

Published: 2015-05-12 · Updated: 2018-10-12 · CVE-2015-1683

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2007 SP3
Microsoft Office versions prior to the fixed version

Description

The issue exists due to incorrect handling of objects in memory. Exploitation occurs when a user opens a specially crafted file. A remote attacker could execute arbitrary code with the privileges of the current user. If the current user has administrative rights, the attacker could take complete control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted.

Recommendations

For Microsoft Office 2007 SP3, update to a newer version that contains a fix for this issue. For other affected versions of Microsoft Office, update to a version that properly handles objects in memory to prevent exploitation. As a temporary workaround, consider avoiding the use of crafted files in Microsoft Office software until a patch is available. Restrict access to sensitive data and configure user accounts to have fewer user rights on the system to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-10056
CVE-2015-1683

Affected Products

Office