CVE-2015-2377

Name of the Vulnerable Software and Affected Versions Microsoft Office Compatibility Pack version SP3 Microsoft Excel versions 2007 SP3 through 2013 SP1 Office Compatibility Pack version SP3

Description The issue is caused by a buffer overflow in dynamic memory, allowing a remote attacker to execute arbitrary code or cause a denial of service via a crafted Office document. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Office Compatibility Pack version SP3, update to a newer version to mitigate the risk. For Microsoft Excel versions 2007 SP3 through 2013 SP1, update to a newer version to mitigate the risk. For Office Compatibility Pack version SP3, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of crafted Office documents until a patch is available. Restrict access to sensitive data and systems to minimize the risk of exploitation.