Microsoft Office Remote Code Execution Vulnerability

Last Update Date: 11 Apr 2017 09:04 Release Date: 11 Apr 2017 3914 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability was identified in Microsoft Office, a remote user can exploit this vulnerability to perform remote code execution on the targeted system.

 

Note

  • The vulnerability is being exploited in the wild.
  • No patch is currently available.

Impact

  • Remote Code Execution

System / Technologies affected

  • All versions of Microsoft Office, including Office 2016 on Windows 10

Solutions

  • No patch is currently available.

 

Workaround:

Enable the "File Block Settings", please refer to the workaround example below for Word 2016, for other versions of Office, the path is different, please change the path according to your installed version.

 

Workaround example for Word 2016:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]
    "OpenInProtectedView"=dword:00000000
    "RtfFiles"=dword:00000002

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Google Android Multiple Vulnerabilities

10 Apr 2017 3176 Views

Next

Apache Tomcat Multiple Vulnerabilities

12 Apr 2017 3112 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY