CVE-2015-2470

Name of the Vulnerable Software and Affected Versions Microsoft Office 2007 SP3 Microsoft Office 2010 SP2 Microsoft Office 2013 SP1 Microsoft Office 2013 RT SP1 Microsoft Office for Mac 2011 Microsoft Word Viewer

Description A remote code execution issue exists due to an integer underflow in Microsoft Office. This allows attackers to execute arbitrary code via a crafted document. Exploitation requires a user to open a specially crafted Office file with an affected version of Microsoft Office software. Successful exploitation could grant an attacker the same user rights as the current user, potentially leading to complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Office 2013 RT SP1, update to a newer version to mitigate the risk. For Microsoft Office for Mac 2011, update to a newer version to mitigate the risk. For Microsoft Word Viewer, update to a newer version to mitigate the risk.