PT-2013-4691 · Microsoft · Sharepoint Server 2010 +9

Ben Hawkes +2 · Published 2013-09-11 · Updated 2018-10-12 · CVE-2013-3857

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2
Word Web App 2010 SP1 and SP2 in Office Web Apps 2010
Word 2003 SP3
Word 2007 SP3
Word 2010 SP1 and SP2
Office Compatibility Pack SP3
Word Viewer

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted Office document. Remote code execution vulnerabilities exist in the way that affected Microsoft Office software parses specially crafted files, potentially allowing an attacker to take complete control of an affected system.

Recommendations

Update each of the following to a version that includes the fix for this issue:

Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2
Word Web App 2010 SP1 and SP2 in Office Web Apps 2010
Word 2003 SP3
Word 2007 SP3
Word 2010 SP1 and SP2
Office Compatibility Pack SP3
Word Viewer

Fix · RCE · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-3857

Affected Products

Word Automation Services
Office Compatibility Pack
Office Web Apps 2010
Office Word
Sharepoint Server 2010
Word 2003
Word 2007
Word 2010
Word Viewer
Word Web App 2010