CVE-2017-0029

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2010 SP2 through 2016 Word versions 2010 SP2 through 2016

Description The issue is related to a denial of service vulnerability in Microsoft Office and Word, caused by insufficient access control. This vulnerability can be exploited by a remote attacker using a specially crafted Office document, leading to an application hang. The denial of service would not allow an attacker to execute code or elevate their user rights. For an attack to be successful, a user must open a specially crafted file with an affected version of Microsoft Office.

Recommendations For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk. For Word 2010 SP2, update to a newer version to mitigate the risk. For Word 2013 RT SP1, update to a newer version to mitigate the risk. For Word 2016, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted files in the affected versions of Microsoft Office until a patch is available.