CVE-2016-7274

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Microsoft Office (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code via a crafted web site or specially crafted file. This could enable an attacker to run arbitrary code in the context of the current user. If the current user has administrative user rights, the attacker could take control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Windows, update to a version that includes the fix for this issue. For Microsoft Office, avoid opening specially crafted files with affected versions of the software until a patch is available. As a temporary workaround, consider restricting user rights to minimize the risk of exploitation.