CVE-2016-7235

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 through 2010 SP2 Office versions 2010 SP2 Word for Mac version 2011 Excel for Mac version 2011 Office Compatibility Pack version SP3

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code via a specially crafted Office document. Exploitation requires a user to open a crafted file with an affected version of Microsoft Office software. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights.

Recommendations For Microsoft Word 2007, update to a newer version to mitigate the risk. For Office 2010 SP2, update to a newer version to mitigate the risk. For Word 2010 SP2, update to a newer version to mitigate the risk. For Word for Mac 2011, update to a newer version to mitigate the risk. For Excel for Mac 2011, update to a newer version to mitigate the risk. For Office Compatibility Pack SP3, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Office documents until a patch is available.