CVE-2016-0139

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2010 SP2 Microsoft Word for Mac version 2011 Microsoft Excel Viewer (affected versions not specified)

Description The issue is caused by a buffer overflow and allows a remote attacker to execute arbitrary code using a specially crafted Office document. Exploitation of this issue requires a user to open a specially crafted file with an affected version of Microsoft Office software. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system, installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Excel 2010 SP2, consider avoiding the use of specially crafted Office documents until a fix is available. For Microsoft Word for Mac 2011, restrict access to specially crafted files to minimize the risk of exploitation. For Microsoft Excel Viewer, as a temporary workaround, consider disabling the ability to open specially crafted Office documents until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.