CVE-2017-0030

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft Office Web Apps (affected versions not specified) Microsoft Office Compatibility Pack (affected versions not specified) Microsoft Word (affected versions not specified) Microsoft SharePoint Server (affected versions not specified)

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted document. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights.

Recommendations For Microsoft Office, consider avoiding the use of specially crafted files until a patch is available. For Microsoft Office Web Apps, restrict access to specially crafted documents to minimize the risk of exploitation. For Microsoft Office Compatibility Pack, avoid using the pack with specially crafted files until the issue is resolved. For Microsoft Word, consider disabling the ability to open specially crafted documents as a temporary workaround. For Microsoft SharePoint Server, restrict access to specially crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.