PT-2016-1403 · Microsoft · Office

Published: 2016-03-08 · Updated: 2018-10-12 · CVE-2016-0057

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2007 SP3 through 2016

Description: The issue stems from errors in how Microsoft Office validates the signatures of its binary files. A local attacker who already has write access to the location of an invalidly signed binary can replace it with a Trojan horse binary carrying a crafted signature; because Office accepts the invalid signature, the malicious code is loaded from that location and the attacker elevates privileges. Write access to the target location is a precondition for exploitation.

Recommendations: For Microsoft Office versions 2007 SP3 through 2016, restrict write access to sensitive locations (in particular the directories holding Office binaries) to reduce the risk of exploitation. As a temporary workaround, avoid using unsigned or potentially malicious binaries until a patch is available, and restrict access to the areas from which binary files are executed to prevent elevation of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
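The recommendation above combines two checks a defender can run on an affected host: whether any binary under the Office installation fails Authenticode validation, and whether broad principals hold write rights on the directories those binaries are loaded from. The following PowerShell script is an added example, not part of the PT-2016-1403 record or of Microsoft's guidance; the installation path and the list of "broad" principals are assumptions to be adjusted for the environment.

```powershell
# Added example (not from the PT-2016-1403 record): audit an Office install
# directory for binaries whose Authenticode signature does not verify and for
# directories where broad principals hold write rights.
param(
    # Assumed default location; adjust for 32-bit or Click-to-Run installs
    [string]$OfficeRoot = 'C:\Program Files\Microsoft Office'
)

# Principals that should never hold write rights on an application directory
# (assumed list; extend with domain groups as appropriate)
$broadPrincipals = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users')

Write-Host "== Binaries with a non-valid signature under $OfficeRoot =="
Get-ChildItem -Path $OfficeRoot -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        # Anything other than 'Valid' (NotSigned, HashMismatch, NotTrusted, ...)
        # is worth comparing against a known-good copy of the same file.
        if ($sig.Status -ne 'Valid') {
            [PSCustomObject]@{
                Path   = $_.FullName
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    } | Format-Table -AutoSize

Write-Host "== Directories where broad principals hold write rights =="
$dirs = @(Get-Item -Path $OfficeRoot) +
        @(Get-ChildItem -Path $OfficeRoot -Recurse -Directory -ErrorAction SilentlyContinue)
$dirs | ForEach-Object {
        $dir = $_.FullName
        (Get-Acl -Path $dir).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broadPrincipals -contains $_.IdentityReference.Value -and
                # Write is a composite flag; Modify and FullControl include its bits,
                # so this catches any ACE that allows creating or altering files.
                ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write)
            } |
            ForEach-Object {
                [PSCustomObject]@{
                    Directory = $dir
                    Principal = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                }
            }
    } | Format-Table -AutoSize
```

Run the script from an elevated prompt so that every directory's ACL can be read. A binary reported with a non-valid status is a candidate for replacement from a trusted installation source, and any directory listed in the second table should have the offending access control entry removed (with `Set-Acl` or `icacls`) so that only administrators and the installer service can write there; that removes the write-access precondition the description depends on.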

Weakness Enumeration

Related Identifiers

BDU:2016-00702
CVE-2016-0057

Affected Products

Office