PT-2016-2907 · Microsoft · Office Word+8

Published: 2016-11-08 · Updated: 2018-10-12 · CVE-2016-7233

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions prior to the fixed version
Office Compatibility Pack SP3
Word Automation Services on SharePoint Server 2013 SP1
Office Web Apps 2010 SP2
Word Viewer
Word for Mac 2011
Excel for Mac 2011
Microsoft Word 2007
Office 2010 SP2
Word 2010 SP2

Description

The issue is related to an uninitialized variable, causing out-of-bounds memory reading when Office or Word processes a specially crafted file. This could allow a remote attacker to obtain sensitive information from process memory or cause a denial of service. Exploitation requires a user to open a maliciously crafted file with an affected version of Microsoft Office software.

Recommendations

For Microsoft Office versions prior to the fixed version, update to the latest version.
For Office Compatibility Pack SP3, consider applying configuration changes to restrict the use of vulnerable components until a patch is available.
For Word Automation Services on SharePoint Server 2013 SP1, restrict access to the service to minimize the risk of exploitation.
For Office Web Apps 2010 SP2, avoid using the affected version until a patch is available.
For Word Viewer, consider disabling the viewer until a patch is available.
For Word for Mac 2011 and Excel for Mac 2011, update to a newer version or apply configuration changes to restrict the use of vulnerable components.
For Microsoft Word 2007, Office 2010 SP2, and Word 2010 SP2, update to the latest version or apply configuration changes to restrict the use of vulnerable components.

Fix

DoS

Information Disclosure


Weakness Enumeration

Related identifiers

BDU:2016-02338
CVE-2016-7233

Affected products

Excel For Mac
Office
Office Word
Office Compatibility Pack
Office Web Apps
SharePoint Server
Word Automation Services
Word Viewer
Word For Mac