PT-2015-1062 · Microsoft · Office+4
Published 2015-04-14 · Updated 2025-10-22
CVE-2015-1641
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Office versions 2007 SP3 through 2013 SP1
Microsoft Word versions 2007 SP3 through 2013 SP1
Microsoft Word for Mac version 2011
Office Compatibility Pack version SP3
Word Automation Services on SharePoint Server versions 2010 SP2 and 2013 SP1
Office Web Apps Server versions 2010 SP2 and 2013 SP1
Description
The issue is caused by incorrect handling of specially crafted RTF files. Exploitation may allow a remote attacker to execute arbitrary code with the privileges of the current user. This can happen when a user opens a specially crafted file with an affected version of Microsoft Office software.
Recommendations
For Microsoft Office versions 2007 SP3 through 2013 SP1, update to a newer version that contains a fix for this issue.
For Microsoft Word versions 2007 SP3 through 2013 SP1, update to a newer version that contains a fix for this issue.
For Microsoft Word for Mac version 2011, update to a newer version that contains a fix for this issue.
For Office Compatibility Pack version SP3, update to a newer version that contains a fix for this issue.
For Word Automation Services on SharePoint Server versions 2010 SP2 and 2013 SP1, update to a newer version that contains a fix for this issue.
For Office Web Apps Server versions 2010 SP2 and 2013 SP1, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider avoiding the use of RTF files in the affected Microsoft Office software until a patch is available.
Exploit
Fix
RCE
DoS
Memory Corruption
Related Identifiers
Affected Products
Office
Office Word
Office Compatibility Pack
Office Web Apps Server
SharePoint Server