CVE-2015-1650

Name of the Vulnerable Software and Affected Versions Microsoft Word 2007 SP3 Microsoft Word 2010 SP2 Microsoft Word 2013 SP1 Microsoft Word 2013 RT SP1 Microsoft Word Viewer Microsoft Office Compatibility Pack SP3 Microsoft Word Automation Services on SharePoint Server 2010 SP2 Microsoft Word Automation Services on SharePoint Server 2013 SP1 Microsoft Office Web Apps Server 2010 SP2 Microsoft Office Web Apps Server 2013 SP1

Description The vulnerability is caused by incorrect handling of specially crafted files, leading to damage of system memory. This could allow a remote attacker to execute arbitrary code with the privileges of the current user. If the current user has administrative rights, the attacker could take complete control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Word 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Word 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Word 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Word 2013 RT SP1, update to a newer version to mitigate the risk. For Microsoft Word Viewer, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack SP3, update to a newer version to mitigate the risk. For Microsoft Word Automation Services on SharePoint Server 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Word Automation Services on SharePoint Server 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Office Web Apps Server 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office Web Apps Server 2013 SP1, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted files until a patch is available.