CVE-2017-0003

Name of the Vulnerable Software and Affected Versions Microsoft Word 2016 SharePoint Enterprise Server 2016

Description A remote code execution issue exists in Microsoft Office software due to its failure to properly handle objects in memory. This allows an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Word 2016, update to a version that properly handles objects in memory to prevent arbitrary code execution. For SharePoint Enterprise Server 2016, apply the necessary patches or updates to fix the memory handling issue and prevent remote code execution.