The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013. This security update is rated Important for the following affected software:
- Microsoft Excel 2007, Microsoft PowerPoint 2007, Microsoft Word 2007
- Microsoft Excel 2010, Microsoft PowerPoint 2007, Microsoft Word 2010
- Microsoft Word 2013
- Microsoft Word Viewer, Microsoft Excel Viewer, Microsoft Office Compatibility Pack
- Microsoft SharePoint Server 2007, Microsoft SharePoint Services 3.0, Microsoft SharePoint Server 2010, Microsoft SharePoint Foundation 2010, Word Automation Services on Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013, Microsoft SharePoint Foundation 2013, Excel Services on Microsoft SharePoint Server 2013
- Microsoft Web Applications 2010, Microsoft Office Web Apps Server 2010, Microsoft Office Web Apps Server 2013, Microsoft Office Web Apps Server 2013
For more information, see the Affected Software section.
The security update addresses the vulnerabilities by correcting how Microsoft Office parses specially crafted files, by correcting how Office handles files in memory, and by helping to ensure that SharePoint Server properly sanitizes user input. For more information about the vulnerabilities, see the Vulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3038999.
Tuesday, March 10, 2015