PT-2016-1997 · Microsoft · Word Automation Services On Sharepoint Server 2010 Sp2+6

Published: 2016-05-10 · Updated: 2018-10-12 · CVE-2016-0183

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2010 SP2
Word 2010 SP2
Word Automation Services on SharePoint Server 2010 SP2
Office Web Apps 2010 SP2

Description

The issue is related to the Windows font library, which allows remote attackers to execute arbitrary code via a crafted embedded font. This can be exploited by an attacker to take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations

For Microsoft Office 2010 SP2, update to a version that includes the fix for this issue. For Word 2010 SP2, update to a version that includes the fix for this issue. For Word Automation Services on SharePoint Server 2010 SP2, update to a version that includes the fix for this issue. For Office Web Apps 2010 SP2, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting the use of embedded fonts in documents until a patch is available.

Fix

RCE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2016-01331
CVE-2016-0183

Affected Products

Office 2010 Sp2
Office
Office Web Apps 2010 Sp2
Office Word
Windows Font Library
Word 2010 Sp2
Word Automation Services On Sharepoint Server 2010 Sp2