Microsoft Excel CVE-2016-7266 Security Feature Bypass Vulnerability

description-logoDescription

A security feature bypass vulnerability exists when Microsoft Excel improperly checks registry settings when an attempt is made to run embedded content. An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to attempt to open the document multiple times. The update addresses the vulnerability by correcting how Microsoft Excel checks registry settings when a user attempts to open or execute embedded content.

affected-products-logoAffected Applications

Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 x86
Microsoft Excel 2016 for Mac
Microsoft Excel 2007 Service Pack 3
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Excel 2016 x64
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)

CVE References

CVE-2016-7266