CVE-2016-3278

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016

Description The issue is caused by a buffer overflow in Microsoft Outlook, allowing remote attackers to execute arbitrary code via a crafted Office document. Multiple remote code execution vulnerabilities exist in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Outlook versions 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, consider avoiding the use of specially crafted Office documents until a patch is available. As a temporary workaround, restrict access to the affected Microsoft Office software to minimize the risk of exploitation. Avoid opening specially crafted files with the affected versions of Microsoft Office software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.