CVE-2015-1682

Name of the Vulnerable Software and Affected Versions Microsoft Office 2010 SP2 Excel 2010 SP2 PowerPoint 2010 SP2 Word 2010 SP2 Office 2013 SP1 Excel 2013 SP1 PowerPoint 2013 SP1 Word 2013 SP1 Office 2013 RT SP1 Excel 2013 RT SP1 PowerPoint 2013 RT SP1 Word 2013 RT SP1 Office for Mac 2011 Excel for Mac 2011 PowerPoint for Mac 2011 Word for Mac 2011 PowerPoint Viewer Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1 Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 Office Web Apps 2010 SP2 Excel Web App 2010 SP2 Office Web Apps Server 2013 SP1 SharePoint Foundation 2010 SP2 SharePoint Server 2013 SP1

Description Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.