CVE-2016-7290

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2010 SP2 Microsoft Office Compatibility Pack version SP3 Microsoft Office Web Apps version 2010 SP2 Microsoft SharePoint Server version 2010 SP2 Microsoft Word version 2007 SP3 through 2010 SP2 Microsoft Word for Mac version 2011 Microsoft Word Automation Services on SharePoint Server version 2010 SP2

Description The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service via a crafted document. Multiple information disclosure vulnerabilities exist when affected Microsoft Office software reads out of bound memory, which could disclose the contents of memory. An attacker who successfully exploited the vulnerabilities could view out of bound memory. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office versions 2007 SP3 through 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack version SP3, update to a newer version to mitigate the risk. For Microsoft Office Web Apps version 2010 SP2, update to a newer version to mitigate the risk. For Microsoft SharePoint Server version 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Word version 2007 SP3 through 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Word for Mac version 2011, update to a newer version to mitigate the risk. For Microsoft Word Automation Services on SharePoint Server version 2010 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of affected Microsoft Office software to minimize the risk of exploitation. Avoid opening specially crafted files with affected versions of Microsoft Office software until the issue is resolved.