CVE-2015-6122

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP3 through 2010 SP2 Microsoft Excel for Mac version 2011 Microsoft Office Compatibility Pack version SP3 Microsoft Excel Viewer

Description The issue is caused by a buffer overflow and allows a remote attacker to execute arbitrary code via a crafted Office document. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. If the current user is logged on with administrative user rights, an attacker could take control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Excel for Mac 2011, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack SP3, update to a newer version to mitigate the risk. For Microsoft Excel Viewer, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Office documents until a patch is available.