CVE-2016-7275

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016

Description The issue allows local users to gain privileges via a crafted application. A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading libraries. An attacker who successfully exploited the issue could take control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Office 2010 SP2, update to a version that properly validates input before loading libraries. For Microsoft Office 2013 SP1, update to a version that properly validates input before loading libraries. For Microsoft Office 2013 RT SP1, update to a version that properly validates input before loading libraries. For Microsoft Office 2016, update to a version that properly validates input before loading libraries. As a temporary workaround, consider restricting library loading to minimize the risk of exploitation.