CVE-2015-1770

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2013 SP1 and 2013 RT SP1

Description The issue is related to the improper handling of data, which can allow a remote attacker to execute arbitrary code via a crafted Office document. An attacker who successfully exploits this issue could use a specially crafted file to perform actions in the security context of the current user. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office 2013 SP1, update to a version that properly handles objects in memory to prevent exploitation. For Microsoft Office 2013 RT SP1, apply the necessary patches to ensure the software fails to properly handle objects in memory, thus preventing exploitation.