CVE-2017-0254

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft Office Web Apps (affected versions not specified) Microsoft Word (affected versions not specified) Word Viewer (affected versions not specified) Microsoft SharePoint Server (affected versions not specified) Microsoft Office Compatibility Pack (affected versions not specified)

Description A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. This could allow a remote attacker to run arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with limited rights on the system are less impacted than those operating with administrative rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office, update to a version that properly handles objects in memory to prevent remote code execution. For Microsoft Office Web Apps, consider disabling the ability to open specially crafted files until a patch is available. For Microsoft Word, restrict access to specially crafted files to minimize the risk of exploitation. For Word Viewer, avoid opening specially crafted files with the viewer until the issue is resolved. For Microsoft SharePoint Server, restrict access to specially crafted files to prevent exploitation. For Microsoft Office Compatibility Pack, consider disabling the pack until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.