CVE-2016-7236

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2010 SP2 Excel for Mac versions 2011 Excel 2016 for Mac Excel Services on SharePoint Server versions 2010 SP2

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code using a specially crafted document. Exploitation of the issue requires a user to open a specially crafted file with an affected version of Microsoft Office software. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system, installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Excel 2010 SP2, consider disabling the ability to open specially crafted documents until a patch is available. For Excel for Mac 2011, restrict access to opening untrusted files to minimize the risk of exploitation. For Excel 2016 for Mac, avoid using the software to open documents from untrusted sources until the issue is resolved. For Excel Services on SharePoint Server 2010 SP2, consider implementing additional security measures to restrict the upload and opening of specially crafted files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.