CVE-2015-0063

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP3 through 2013 Gold, SP1, and RT Excel Viewer Office Compatibility Pack SP3 Office 2010 SP2

Description A remote code execution issue exists due to improper handling of objects in memory while parsing specially crafted Office files, potentially corrupting system memory and allowing arbitrary code execution. An attacker who successfully exploits this could run arbitrary code in the context of the current user, potentially taking complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Excel 2007 SP3, update to a version that is not affected by this issue. For Excel 2010 SP2, consider disabling the handling of specially crafted Office files until a patch is available. For Excel 2013 Gold, SP1, and RT, restrict access to specially crafted Office files to minimize the risk of exploitation. For Excel Viewer and Office Compatibility Pack SP3, avoid opening specially crafted Office files with these applications until the issue is resolved. For Office 2010 SP2, as a temporary workaround, consider restricting the use of Excel to minimize the risk of exploitation.