CVE-2017-0199

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2016 Microsoft Windows versions Vista SP2 through 8.1 Windows Server 2008 SP2

Description The issue allows remote attackers to execute arbitrary code via a crafted document. This is related to insufficient access control in Microsoft Office and Windows. An attacker who successfully exploits this could take control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open or preview a specially crafted file with an affected version of Microsoft Office or WordPad.

Recommendations For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Office 2016, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of

specially crafted files

in the affected API endpoint until the issue is resolved. Restrict access to the vulnerable

Microsoft Office

and

WordPad

components to minimize the risk of exploitation.