CVE-2016-7268

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2010 SP2 Microsoft Word versions 2007 SP3 through 2010 SP2 Microsoft Office Compatibility Pack version SP3 Microsoft Word Viewer (affected versions not specified) Microsoft Word for Mac version 2011 Microsoft Word Automation Services on SharePoint Server version 2010 SP2 Microsoft Office Web Apps version 2010 SP2

Description The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service via a crafted document. Multiple information disclosure vulnerabilities exist when affected Microsoft Office software reads out of bound memory, which could disclose the contents of memory. An attacker who successfully exploited the vulnerabilities could view out of bound memory. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office versions 2007 SP3 through 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Word versions 2007 SP3 through 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack version SP3, update to a newer version to mitigate the risk. For Microsoft Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Word for Mac version 2011, update to a newer version to mitigate the risk. For Microsoft Word Automation Services on SharePoint Server version 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office Web Apps version 2010 SP2, update to a newer version to mitigate the risk.