CVE-2015-2380

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 Office versions 2010 SP2

Description The issue is caused by a buffer overflow in dynamic memory, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted Office document. Exploitation of this issue requires a user to open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploits this issue could run arbitrary code in the context of the current user, potentially taking complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Word 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Word 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Word 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Word 2013 RT SP1, update to a newer version to mitigate the risk. For Office 2010 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Office documents until a patch is available.