CVE-2017-0020

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft Office Web Apps (affected versions not specified)

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted document. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights.

Recommendations For Microsoft Office, update to a version that properly handles objects in memory to prevent exploitation. For Microsoft Office Web Apps, consider restricting the use of specially crafted documents until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.