PT-2016-7279 · Microsoft · Office+1
Published: 2016-12-13 · Updated: 2018-10-12 · CVE-2016-7267
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Excel versions 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016
Description
A security feature bypass issue exists in Microsoft Office software due to improper handling of file formats. This issue does not directly allow arbitrary code execution but can be exploited in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code. An attacker would need to convince a user to open a specially crafted file with an affected version of Microsoft Office software to exploit this issue.
Recommendations
For Microsoft Excel 2010 SP2, update to a version that properly handles file formats to prevent exploitation.
For Microsoft Excel 2013 SP1 and 2013 RT SP1, update to a version that properly handles file formats to prevent exploitation.
For Microsoft Excel 2016, update to a version that properly handles file formats to prevent exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Office Excel
Office