CVE-2016-7264

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP3 Office Compatibility Pack version SP3 Excel Viewer (affected versions not specified) Excel for Mac version 2011 Excel 2016 for Mac (affected versions not specified)

Description The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service via a crafted document. Multiple information disclosure vulnerabilities exist when affected Microsoft Office software reads out of bound memory, which could disclose the contents of memory. An attacker who successfully exploited the vulnerabilities could view out of bound memory. Exploitation requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Excel 2007 SP3, update to a newer version to mitigate the risk. For Office Compatibility Pack SP3, update to a newer version to mitigate the risk. For Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Excel for Mac 2011, update to a newer version to mitigate the risk. For Excel 2016 for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.