CVE-2015-1642

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2013 SP1

Description The issue is related to a memory corruption vulnerability in Microsoft Office, allowing remote attackers to execute arbitrary code via a crafted document. This can occur when the Office software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The exploitation requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office 2007 SP3, consider applying the necessary security updates to resolve the issue. For Microsoft Office 2010 SP2, apply the relevant patches to fix the vulnerability. For Microsoft Office 2013 SP1, update to a newer version that includes the security fix. As a temporary workaround, consider avoiding the use of specially crafted documents until a patch is available.