What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted Word file. In an email attack scenario, an attacker could exploit the vulnerability by sending a link to the specially crafted Word file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message. Then the attacker must convince the victim to open the malicious file.
Felix Boulet