Multiple vulnerabilities in Microsoft Office

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions or execute arbitrary code.

Below is a complete list of vulnerabilities

1. Improper memory objects handling can be exploited remotely via a specially designed file to execute arbitrary code;
2. Lack of Access Control Policy enforcement can be exploited remotely via a specially designed web content to bypass security restrictions;
3. An unknown vulnerability can be exploited remotely via a specially designed web content to bypass Address Space Layout Randomization security feature.

---

Technical details

In some cases vulnerability (1) can be triggered via Preview Pane.

Vulnerability (2) related to SharePoint

Original advisories

• CVE-2016-0035

• CVE-2015-6117
• CVE-2016-0010
• CVE-2016-0011
• CVE-2016-0012

Related products

• Microsoft-Office

CVE list

• CVE-2016-0035
  critical
• CVE-2015-6117
  warning
• CVE-2016-0010
  critical
• CVE-2016-0011
  warning
• CVE-2016-0012
  warning

KB list

• 3114511
• 3114518
• 3114557
• 3114554
• 3114494
• 3114396
• 2920727
• 3114504
• 3114549
• 3114421
• 2881067
• 3114503
• 3114540
• 3114541
• 3114520
• 3114402
• 3114546
• 3114564
• 3114547
• 3039794
• 3114482
• 3114489
• 3114526

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com