CVE-2015-2545

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2013 RT SP1

Description A remote code execution issue exists due to insufficient input validation. Exploitation can allow a remote attacker to execute arbitrary code using a specially crafted EPS image. This can occur when a user opens a file containing a malformed graphics image or inserts a malformed graphics image into an Office file, which could also be included in an email attachment. Successful exploitation could grant the attacker control of the affected system.

Recommendations For Microsoft Office 2007 SP3, consider disabling the ability to insert or open EPS images until a patch is available. For Microsoft Office 2010 SP2, restrict access to EPS files to minimize the risk of exploitation. For Microsoft Office 2013 SP1 and 2013 RT SP1, avoid using the EPS image functionality in Office files until the issue is resolved.