CVE-2015-0064

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 SP3 through 2010 SP2 Office versions 2010 SP2 Word Automation Services in SharePoint Server 2010 Web Applications 2010 SP2 Word Viewer Office Compatibility Pack version SP3

Description A remote code execution issue exists due to improper handling of objects in memory while parsing specially crafted Office files, potentially corrupting system memory and allowing arbitrary code execution. An attacker who successfully exploits this could run arbitrary code in the context of the current user, potentially taking complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Word 2007 SP3, update to a newer version to mitigate the risk. For Office 2010 SP2, consider applying security patches or updates to resolve the issue. For Word Automation Services in SharePoint Server 2010, restrict access to specially crafted Office files until a patch is available. For Web Applications 2010 SP2, avoid opening untrusted Office documents with affected versions of Microsoft Word. For Word Viewer and Office Compatibility Pack SP3, update to a newer version or apply relevant security updates to fix the vulnerability.