For Patch Tuesday, Microsoft released important security updates for Office 2011 for Mac, resolving one privately reported vulnerability in Microsoft Office. The software update addresses a remote code execution vulnerability (CVE-2013-1331) that affects Microsoft Office for Mac 2011 and Microsoft Office 2003 Service Pack 3. In addition to Microsoft’s Patch Tuesday update, Adobe patched a memory corruption flaw in its Flash Player software.
Microsoft’s security bulletin (MS13-051) describes the vulnerability resolved in this update as follows:
The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft addressed the vulnerability by correcting the way that Microsoft Office parses specially crafted Office files.
We recommend that all users running Microsoft Office 2011 for Mac apply these updates as soon as possible. Office users can update your software using Microsoft’s AutoUpdate application, or you can visit Microsoft’s Download Center to get the Office 2011 14.3.5 update for Mac.
