CVE-2015-1760

Name of the Vulnerable Software and Affected Versions Microsoft Office Compatibility Pack version SP3 Office 2010 version SP2 Office 2013 version SP1 Office 2013 RT version SP1

Description The issue is related to improper data handling, which can allow a remote attacker to execute arbitrary code using a specially crafted Office document. This could corrupt system memory, enabling an attacker to execute arbitrary code in the context of the current user. If the current user has administrative user rights, an attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office Compatibility Pack version SP3, update to a version that is not affected by this issue. For Office 2010 version SP2, update to a version that is not affected by this issue. For Office 2013 version SP1, update to a version that is not affected by this issue. For Office 2013 RT version SP1, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of specially crafted Office files until a patch is available.