CVE-2015-2466

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1

Description A remote code execution issue exists in Microsoft Office software due to improper validation of templates. An attacker could execute arbitrary code in the context of the current user by exploiting this issue, which requires a user to open a specially crafted template file with an affected version of Microsoft Office software. If the current user has administrative user rights, an attacker could gain complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Office 2007 SP3, update to a version that properly validates templates to prevent remote code execution. For Microsoft Office 2010 SP2, update to a version that properly validates templates to prevent remote code execution. For Microsoft Office 2013 SP1, update to a version that properly validates templates to prevent remote code execution. For Microsoft Office 2013 RT SP1, update to a version that properly validates templates to prevent remote code execution. As a temporary workaround, consider avoiding the use of specially crafted template files until a patch is available.