CVE-2015-2477

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 Office for Mac versions 2011 Office for Mac versions 2016 Word Viewer (affected versions not specified)

Description A remote code execution issue exists in Microsoft Office software due to its failure to properly handle objects in memory. An attacker could exploit this by using a specially crafted file, allowing them to perform actions in the security context of the current user. This requires a user to open the specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office 2007 SP3, update to a version that properly handles objects in memory to prevent exploitation. For Office for Mac 2011, consider disabling the opening of specially crafted files until a patch is available. For Office for Mac 2016, restrict access to files from untrusted sources to minimize the risk of exploitation. For Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.