PT-2016-2767 · Microsoft · Office

Published: 2016-09-13 · Updated: 2018-10-12 · CVE-2016-0141

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions 2007 SP3 through 2016

Description

The issue is related to Visual Basic macros in Microsoft Office, which improperly export a user's private key from the certificate store during a document-save operation. This could allow a remote attacker to obtain sensitive information via unspecified vectors. An attacker who successfully exploits the issue could potentially gain access to the user's private key, although they would need to use another vulnerability or employ a social engineering technique to obtain the saved document from the user.

Recommendations

For Microsoft Office 2007 SP3, consider disabling the use of Visual Basic macros until a patch is available. For Microsoft Office 2010 SP2, restrict access to sensitive documents to minimize the risk of exploitation. For Microsoft Office 2013 SP1, avoid using the certificate store for sensitive information until the issue is resolved. For Microsoft Office 2016, apply configuration changes to limit the export of private keys from the certificate store.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2016-02169
CVE-2016-0141

Affected Products

Office