CVE-2015-1651

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 SP3 Microsoft Word Viewer version not specified Office Compatibility Pack version SP3

Description The issue is related to a use-after-free vulnerability that allows remote attackers to execute arbitrary code via a crafted Office document. This vulnerability can cause system memory corruption due to incorrect handling of specially crafted files, potentially allowing an attacker to execute arbitrary code with the privileges of the current user. If the current user has administrative rights, an attacker could gain complete control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights may be less impacted.

Recommendations For Microsoft Word 2007 SP3, update to a version that includes the fix for this issue. For Microsoft Word Viewer, consider disabling the handling of specially crafted Office files until a patch is available. For Office Compatibility Pack SP3, restrict access to specially crafted Office files to minimize the risk of exploitation. As a temporary workaround, consider avoiding the use of affected Microsoft Office software for opening specially crafted files until the issue is resolved.