CVE-2016-3361

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions prior to the fixed version

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code using a specially crafted document. Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. Successful exploitation could allow an attacker to run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Excel 2010 SP2, update to a version that includes the fix for the Microsoft Office Memory Corruption Vulnerability. For other affected versions of Microsoft Office software, avoid opening specially crafted files until a patch is available. As a temporary workaround, consider restricting user rights to minimize the risk of exploitation.