
Tom Hoke

Researcher from Microsoft Corporation
#33384 of 53,635
7.8 Total CVSS
Vulnerabilities · 1
PT-2018-9141
7.8
2018-03-13
Microsoft · Office · CVE-2018-0907
Name of the Vulnerable Software and Affected Versions:
Microsoft Excel versions 2007 SP3 through 2016
Microsoft Office versions 2016 Click-to-Run and 2016 for Mac

Description:
A security feature bypass issue exists due to how macro settings are enforced in Microsoft Office software, specifically affecting Excel documents. This issue does not allow arbitrary code execution on its own. To exploit this, an attacker would need to convince a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations:
For Microsoft Excel 2007 SP3, update to a version that enforces macro settings correctly.
For Microsoft Excel 2010 SP2, update to a version that enforces macro settings correctly.
For Microsoft Excel 2013 SP1, update to a version that enforces macro settings correctly.
For Microsoft Excel 2016, update to a version that enforces macro settings correctly.
For Microsoft Office 2016 Click-to-Run, update to a version that enforces macro settings correctly.
For Microsoft Office 2016 for Mac, update to a version that enforces macro settings correctly.