CVE-2018-0792

Name of the Vulnerable Software and Affected Versions Microsoft Office 2016 Microsoft Word 2016 in Microsoft Office 2016

Description The issue is related to the improper handling of objects in memory, which can allow a remote attacker to execute arbitrary code by using a specially crafted file. If the current user is logged on with administrative user rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Office 2016, consider avoiding the use of specially crafted files until a patch is available. For Microsoft Word 2016 in Microsoft Office 2016, as a temporary workaround, consider restricting the opening of files from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.