CVE-2016-7276

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2016 for Mac

Description The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service via a crafted document. Multiple information disclosure vulnerabilities exist when affected Microsoft Office software reads out of bound memory, which could disclose the contents of memory. An attacker who successfully exploited the vulnerabilities could view out of bound memory. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Office for Mac 2011, update to a newer version to mitigate the risk. For Microsoft Office 2016 for Mac, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of crafted documents until a patch is available.