CVE-2015-2379

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2013 SP1 Office for Mac 2011 Word Viewer Word 2010 SP2 Word 2013 RT SP1

Description The issue is caused by a buffer overflow in dynamic memory, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted Office document. Exploitation of this issue requires a user to open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploits this issue could run arbitrary code in the context of the current user, potentially taking complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Office 2010 SP2, apply configuration changes to properly handle objects in memory. For Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1, restrict access to specially crafted documents until a patch is available. For Office for Mac 2011 and Word Viewer, avoid opening specially crafted Office documents until the issue is resolved. As a temporary workaround, consider disabling the ability to open specially crafted files with affected versions of Microsoft Office software until a patch is available.