Kaspersky Threats

Detect date

?

05/10/2016

Severity

?

High

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities

An improper memory objects handling can be exploited remotely via a specially designed content;
An improper embedded fonts handling can be exploited remotely via a specially designed content.

Technical details

To mitigate vulnerability (2) user can prevent Office from opening RTF documents from unknown or untrusted sources or prevent Word from loading RTF documents. For further instructions take a look at original advisory listed below.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Word for Mac 2011
Microsoft Word 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-0183
CVE-2016-0126
CVE-2016-0140
CVE-2016-0198

Impacts

?

ACE

[?]

Detect date ?	05/10/2016
Severity ?	High
Description	Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities An improper memory objects handling can be exploited remotely via a specially designed content; An improper embedded fonts handling can be exploited remotely via a specially designed content. Technical details To mitigate vulnerability (2) user can prevent Office from opening RTF documents from unknown or untrusted sources or prevent Word from loading RTF documents. For further instructions take a look at original advisory listed below.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 Microsoft Word for Mac 2011 Microsoft Word 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Word Viewer Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 Microsoft Office Web Apps 2010 Service Pack 2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-0183 CVE-2016-0126 CVE-2016-0140 CVE-2016-0198
Impacts ?	ACE [?]
Related products	Microsoft Office
CVE-IDS ?	CVE-2016-01839.3Critical CVE-2016-01269.3Critical CVE-2016-01409.3Critical CVE-2016-01989.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3115124 3155777 3115121 2984938 3115123 3115132 3155776 2984943 3115025 3115016 3115094 3054984 3115103 3115115 3115116 3101520 3115117 3115464 3115479 3114893 3115480 3115465
	Find out the statistics of the vulnerabilities spreading in your region

KLA10804Code execution vulnerabilities in Microsoft Office

KLA10804
Code execution vulnerabilities in Microsoft Office