PT-2015-4457 · Microsoft · Excel Viewer +30

Published: 2015-03-10 · Updated: 2018-10-12 · CVE-2015-0085

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2007 SP3
Microsoft Excel 2007 SP3
Microsoft PowerPoint 2007 SP3
Microsoft Word 2007 SP3
Microsoft Office 2010 SP2
Microsoft Excel 2010 SP2
Microsoft PowerPoint 2010 SP2
Microsoft Word 2010 SP2
Microsoft Office 2013 Gold and SP1
Microsoft Word 2013 Gold and SP1
Microsoft Office 2013 RT Gold and SP1
Microsoft Word 2013 RT Gold and SP1
Microsoft Excel Viewer
Microsoft Office Compatibility Pack SP3
Microsoft Word Automation Services on SharePoint Server 2010 SP2
Microsoft Excel Services on SharePoint Server 2013 Gold and SP1
Microsoft Word Automation Services on SharePoint Server 2013 Gold and SP1
Microsoft Web Applications 2010 SP2
Microsoft Office Web Apps Server 2010 SP2
Microsoft Web Apps Server 2013 Gold and SP1
Microsoft SharePoint Server 2007 SP3
Microsoft Windows SharePoint Services 3.0 SP3
Microsoft SharePoint Foundation 2010 SP2
Microsoft SharePoint Server 2010 SP2
Microsoft SharePoint Foundation 2013 Gold and SP1
Microsoft SharePoint Server 2013 Gold and SP1

Description

A remote code execution vulnerability exists in Microsoft Office software due to improper handling of objects in memory while parsing specially crafted Office files. This could corrupt system memory, allowing an attacker to execute arbitrary code. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2015-0085
ZDI-15-088

Affected Products

Excel 2007
Excel 2010
Excel Services
Excel Viewer
Office 2007
Office 2010
Office 2013
Office 2013 RT
Office Compatibility Pack
Office Web Apps Server 2010
PowerPoint 2007
PowerPoint 2010
SharePoint Foundation 2010
SharePoint Foundation 2013
SharePoint Server 2007
SharePoint Server 2010
SharePoint Server 2013
Web Applications 2010
Web Apps Server 2013
Windows SharePoint Services 3.0
Word 2007
Word 2010
Word 2013
Word 2013 RT
Word Automation Services
Office
Office Excel
Office PowerPoint
Office Word
SharePoint Foundation
SharePoint Server