CVE-2015-2468

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2013 SP1 Office for Mac versions 2011 through 2016 Office Compatibility Pack version SP3 Word Viewer version (affected versions not specified) Word Automation Services on SharePoint Server versions 2010 SP2 through 2013 SP1 Word Web Apps version 2010 SP2 Office Web Apps Server version 2013 SP1

Description A remote code execution issue exists in Microsoft Office software due to its failure to properly handle objects in memory. An attacker could exploit this issue by using a specially crafted file to perform actions in the security context of the current user. The exploitation requires a user to open the specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office versions 2007 SP3 through 2013 SP1, update to a version that includes the fix for this issue. For Office for Mac versions 2011 through 2016, update to a version that includes the fix for this issue. For Office Compatibility Pack version SP3, update to a version that includes the fix for this issue. For Word Viewer, Word Automation Services on SharePoint Server, Word Web Apps, and Office Web Apps Server, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted files with affected versions of Microsoft Office software until a patch is available.