CVE-2015-0097

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP3 through 2010 SP2 Microsoft PowerPoint versions 2007 SP3 through 2010 SP2 Microsoft Word versions 2007 SP3 through 2010 SP2

Description A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory while parsing specially crafted Office files. This could corrupt system memory, allowing an attacker to execute arbitrary code. An attacker who successfully exploits the issue could use a specially crafted file to perform actions in the security context of the current user. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Excel 2007 SP3, consider avoiding the use of specially crafted Office files until a patch is available. For Microsoft Excel 2010 SP2, consider avoiding the use of specially crafted Office files until a patch is available. For Microsoft PowerPoint 2007 SP3, consider avoiding the use of specially crafted Office files until a patch is available. For Microsoft PowerPoint 2010 SP2, consider avoiding the use of specially crafted Office files until a patch is available. For Microsoft Word 2007 SP3, consider avoiding the use of specially crafted Office files until a patch is available. For Microsoft Word 2010 SP2, consider avoiding the use of specially crafted Office files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.