Microsoft has released a security update for Office for Mac with fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code. This security update patches two flaws in Microsoft Excel for Mac 2011.
“This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specifically crafted Microsoft Office file,” notes Microsoft’s security bulletin.
Microsoft’s Office 2011 14.5.3 software update applies to the following: Office 2011, Office 2011 Home and Business Edition, Word 2011, Excel 2011, PowerPoint 2011, Outlook 2011, Office for Mac Standard 2011 Edition, Microsoft Office for Mac Home & Student 2011, and Microsoft Office for Mac Academic 2011.
The memory corruption vulnerabilities patched in the 14.5.3 update are as follows:
- CVE-2015-2376 : Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
- CVE-2015-2379 : Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
Microsoft’s security team, with this update, addressed these vulnerabilities by correcting how Office handles files in memory, by correcting how Excel handles the loading of certain specially crafted binaries, and by correcting how memory information is disclosed.
Microsoft Office 2011 for Mac users should install these updates as soon as possible. Mac users can update your software by using Microsoft’s AutoUpdate application, or by visiting the Microsoft Download Center to get the Office 2011 14.5.3 Update (113.4 MB).