PT-2017-3123 · Microsoft · Office 2016 For Mac+1

Published: 2017-10-10 · Updated: 2018-03-16 · CVE-2017-11825

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Microsoft Office 2016 Click-to-Run (C2R)
Microsoft Office 2016 for Mac

Description
The issue is related to how Microsoft Office handles files in memory, allowing an attacker to use a specially crafted file to perform actions in the security context of the current user. This is due to improper handling of objects in memory, leading to a buffer overflow. Exploitation of the issue may allow a remote attacker to execute actions in the system with the privileges of the current user using a specially crafted file.

Recommendations
For Microsoft Office 2016 Click-to-Run (C2R), update to a version that fixes the improper handling of objects in memory. For Microsoft Office 2016 for Mac, update to a version that fixes the improper handling of objects in memory. As a temporary workaround until a patch is available, consider avoiding the use of files that may be specially crafted to trigger the buffer overflow.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2017-02523
CVE-2017-11825

Affected Products

Office 2016 Click-To-Run
Office 2016 For Mac