Security News

Microsoft has released Office 2011 14.5.5 for OS X versions 10.5.8 or later, addressing two remote code execution vulnerabilities affecting Microsoft Excel for Mac 2011.

The Office 2011 14.5.5 update patches memory corruption flaws, which “an attacker can use to overwrite the contents of your computer’s memory with malicious code,” notes Microsoft’s security bulletin (MS15-099).

This update applies to the following Microsoft software for Mac: Office 2011, Office 2011 Home and Business Edition, Word 2011, Excel 2011, PowerPoint 2011, Outlook 2011, Office for Mac Standard 2011 Edition, Microsoft Office for Mac Home & Student 2011, and Microsoft Office for Mac Academic 2011.

The vulnerabilities patched in this update are described as follows:

• CVE-2015-2520 : Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
• CVE-2015-2523 : Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

Microsoft’s security team addressed the vulnerabilities by correcting how Microsoft Office handles files in memory.

All Office for Mac 2011 users can update to version 14.5.5 by using Microsoft’s AutoUpdate application, or you can visit the Microsoft Download Center to get the Office 2011 14.5.5 update (113.3 MB).