Kaspersky Threats

Kaspersky ID:

KLA10921

Erkennungsdatum:

12/13/2016

Aktualisiert:

03/29/2019

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain priveleges.

Below is a complete list of vulnerabilities:

Memory corruption vulnerability can be exploited remotely via a specially designed document to cause a denial of service or execute arbitrary code;
Information disclosure vulnerability can be exploited remotely via a specialy designed document to cause a denial of service or obtain sensitive information (from process memory);
Mishandling of click upon a specially designed cell can be exploited remotely to execute arbitrary code;
Mishandling or a registry check can be exploited remotely via specially designed embedded content of a document to execute arbitrary code;
Misparsing of file formats can be exploited remotely via a specially designed document to execute arbitrary code;
Vulnerability in Uniscribe can be exploited remotely via a specially designed site to execute arbitrary code;
Mishandling of library loading can be exploited by malicious local users via a specially designed application to gain privileges.

Ursprüngliche Informationshinweise

CVE Liste

CVE-2016-7257
critical
CVE-2016-7274
critical
CVE-2016-7277
critical
CVE-2016-7276
critical
CVE-2016-7275
critical
CVE-2016-7268
critical
CVE-2016-7267
critical
CVE-2016-7300
critical
CVE-2016-7291
critical
CVE-2016-7290
critical
CVE-2016-7289
critical
CVE-2016-7262
critical
CVE-2016-7263
critical
CVE-2016-7264
critical
CVE-2016-7265
critical
CVE-2016-7266
critical

KB Liste

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!

Kaspersky ID:

KLA10921

Erkennungsdatum:

12/13/2016

Aktualisiert:

03/29/2019

Schweregrad

critical

Lösung

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Auswirkungen

ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Beeinträchtigte Produkte

Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Excel 2011 for Mac
Microsoft Excel 2016 for Mac
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Office 2016
Microsoft Word Viewer
Microsoft Word for Mac 2011
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2011 for Mac
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Publisher 2010 Service Pack 2
Microsoft Auto Updater for Mac
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 2

Multiple vulnerabilities in Microsoft Office

Beschreibung

Ursprüngliche Informationshinweise

CVE Liste

KB Liste

Mehr erfahren