CVE-2015-0086

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2013 SP1 Microsoft Word versions 2007 SP3 through 2013 SP1 Microsoft Word Viewer version not specified Office Compatibility Pack version SP3 Word Automation Services on SharePoint Server versions 2010 SP2 through 2013 SP1 Web Applications version 2010 SP2 Web Apps Server version 2013 Gold and SP1

Description A remote code execution issue exists in Microsoft Office software due to improper handling of rich text format files in memory. An attacker could exploit this issue by using a specially crafted file to perform actions in the security context of the current user. Exploitation requires a user to open the specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office versions 2007 SP3 through 2013 SP1, update to a version that properly handles rich text format files in memory. For Microsoft Word versions 2007 SP3 through 2013 SP1, update to a version that properly handles rich text format files in memory. For Microsoft Word Viewer, update to a version that properly handles rich text format files in memory. For Office Compatibility Pack version SP3, update to a version that properly handles rich text format files in memory. For Word Automation Services on SharePoint Server versions 2010 SP2 through 2013 SP1, update to a version that properly handles rich text format files in memory. For Web Applications version 2010 SP2, update to a version that properly handles rich text format files in memory. For Web Apps Server version 2013 Gold and SP1, update to a version that properly handles rich text format files in memory. As a temporary workaround, consider avoiding the use of rich text format files until a patch is available.