CVE-2017-0281

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft Word (affected versions not specified) Microsoft Skype for Business (affected versions not specified) Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft Office Web Apps (affected versions not specified) Office Online Server (affected versions not specified)

Description The issue is related to the improper handling of data, which can lead to remote code execution. An attacker could exploit this by using a specially crafted file to perform actions in the security context of the current user. The exploitation requires a user to open the specially crafted file with an affected version of the software.

Recommendations For Microsoft Office, consider avoiding the use of specially crafted files until a fix is available. For Microsoft Word, restrict the opening of files from untrusted sources to minimize the risk of exploitation. For Microsoft Skype for Business, Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft Office Web Apps, and Office Online Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.