CVE-2016-0122

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP3 through 2016 Microsoft Word version 2016 for Mac Microsoft Office Compatibility Pack version SP3 Microsoft Excel Viewer

Description The issue is caused by a buffer overflow. Exploitation of this issue may allow a remote attacker to execute arbitrary code using a specially crafted Office document. This can occur when the Office software fails to properly handle objects in memory. If successfully exploited, an attacker could run arbitrary code in the context of the current user. If the current user has administrative user rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel versions 2007 SP3 through 2016, update to a version that properly handles objects in memory to prevent arbitrary code execution. For Microsoft Word version 2016 for Mac, update to a version that properly handles objects in memory to prevent arbitrary code execution. For Microsoft Office Compatibility Pack version SP3, update to a version that properly handles objects in memory to prevent arbitrary code execution. For Microsoft Excel Viewer, update to a version that properly handles objects in memory to prevent arbitrary code execution. As a temporary workaround, consider avoiding the use of specially crafted Office documents until a patch is available.