PT-2016-2269 · Microsoft · Word 2016 For Mac+19

Published: 2016-06-14 · Updated: 2018-10-12 · CVE-2016-0025

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office Web Apps versions prior to the fixed version
Microsoft Office Compatibility Pack version SP3
Microsoft Office versions prior to the fixed version
Office Web Apps Server versions prior to the fixed version
Word For Mac versions prior to the fixed version
Microsoft Word versions prior to the fixed version
Microsoft SharePoint Server versions prior to the fixed version
Office Online Server versions prior to the fixed version
Microsoft Word 2007 version SP3
Office 2010 version SP2
Word 2010 version SP2
Word 2013 version SP1
Word 2013 RT version SP1
Office 2016
Word 2016
Word for Mac 2011
Word 2016 for Mac
Office Compatibility Pack version SP3
Word Automation Services on SharePoint Server 2010 version SP2
Word Automation Services on SharePoint Server 2013 version SP1
Office Web Apps 2010 version SP2
Office Web Apps Server 2013 version SP1
Office Online Server

Description

The issue exists due to insufficient input validation in Microsoft Office software. Exploitation of the issue could allow a remote attacker to execute arbitrary code via a specially crafted Office document. Multiple remote code execution vulnerabilities exist in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

Recommendations

For Microsoft Office Web Apps, update to a version that includes the fix for this issue.
For Microsoft Office Compatibility Pack version SP3, consider disabling the use of specially crafted Office documents until a patch is available.
For Microsoft Office, update to a version that includes the fix for this issue.
For Office Web Apps Server, update to a version that includes the fix for this issue.
For Word For Mac, update to a version that includes the fix for this issue.
For Microsoft Word, update to a version that includes the fix for this issue.
For Microsoft SharePoint Server, update to a version that includes the fix for this issue.
For Office Online Server, update to a version that includes the fix for this issue.
For Microsoft Word 2007 version SP3, Office 2010 version SP2, Word 2010 version SP2, Word 2013 version SP1, Word 2013 RT version SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack version SP3, Word Automation Services on SharePoint Server 2010 version SP2, Word Automation Services on SharePoint Server 2013 version SP1, Office Web Apps 2010 version SP2, Office Web Apps Server 2013 version SP1, and Office Online Server, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2016-01633
CVE-2016-0025

Affected Products

Office
Office Compatibility Pack
Office Web Apps
SharePoint Server
Office Word
Office 2010
Office 2016
Office Online Server
Office Web Apps 2010
Office Web Apps Server
Office Web Apps Server 2013
Word 2007
Word 2010
Word 2013
Word 2013 RT
Word 2016
Word 2016 For Mac
Word Automation Services
Word For Mac
Word For Mac 2011