CVE-2017-0106

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions 2007 through 2016 Microsoft Excel version 2007 SP3

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted document or email message. An attacker who successfully exploits this vulnerability could take control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open or preview a specially crafted email message with an affected version of Microsoft Outlook.

Recommendations For Microsoft Outlook versions 2007 through 2016, update to a version that is not affected by this issue. For Microsoft Excel version 2007 SP3, avoid using the affected software until a patch is available. As a temporary workaround, consider avoiding the use of specially crafted documents or email messages until a patch is available.