CVE-2016-0140

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2010 SP2 Word Automation Services on SharePoint Server version 2010 SP2 Office Web Apps version 2010 SP2

Description The issue is caused by a buffer overflow, allowing remote attackers to execute arbitrary code via a crafted Office document. Multiple remote code execution vulnerabilities exist in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user, potentially taking control of the affected system, installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Office versions 2007 SP3 through 2010 SP2, update to a newer version to mitigate the risk. For Word Automation Services on SharePoint Server version 2010 SP2, update to a newer version to mitigate the risk. For Office Web Apps version 2010 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Office documents until a patch is available.