CVE-2015-6118

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2010 SP2

Description The issue is caused by a buffer overflow in Microsoft Office software, allowing remote attackers to execute arbitrary code via a crafted Office document. This occurs when the Office software fails to properly handle objects in memory. An attacker who successfully exploits this could run arbitrary code in the context of the current user. If the current user has administrative user rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office 2007 SP3, update to a version that is not affected by this issue. For Microsoft Office 2010 SP2, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Office documents until a patch is available. Restrict access to sensitive data and systems to minimize the risk of exploitation.