Microsoft has released an update for Office for Mac 2011, providing fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code. The Office for Mac 2011 14.3.8 update resolves two flaws that could allow remote code execution if a user opens a specifically crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software.
The security update applies to all supported editions of Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Excel 2013, Microsoft Excel 2013 RT, and Microsoft Office for Mac 2011; it also applies to supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.
For all affected versions of Microsoft software, remote code execution vulnerabilities exist in the way that Microsoft Excel parses content in Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system, gaining the same user rights as the current user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
“Users whose accounts are not configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft noted in its security bulletin (MS13-085).
The following vulnerability information describes the flaws resolved in this update:
We strongly encourage all users running Office for Mac 2011 apply these updates as soon as possible. Office users can update your software using Microsoft’s AutoUpdate application, or you can visit Microsoft’s Download Center to get the 113.4 MB Office 2011 14.3.8 update for Mac.
