Description
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges or obtain sensitive information.
Below is a complete list of vulnerabilities
- An improper memory objects handling can be exploited remotely via a specially designed document to execute arbitrary code;
- An improper memory content disclosure can be exploited remotely via a specially designed document to obtain sensitive information;
- An improper input validation can be exploited locally via a specially designed application to gain privileges.
Technical details
Vulnerability (2) can be mitigated via using Microsoft Office Block policy or preventing Word from loading RTF files. For further instructions take a look at original advisory.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2016-0025 high
- CVE-2016-3235 critical
- CVE-2016-3234 high
- CVE-2016-3233 high
KB list
- 3115182
- 3115187
- 3115020
- 3115041
- 2999465
- 3115244
- 3114740
- 3115107
- 3115243
- 3115144
- 3114872
- 3165796
- 3165798
- 3115194
- 3115195
- 3115196
- 3115198
- 3115014
- 3115111
- 3115134
- 3115130
- 3115173
- 2596915
- 3115170
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!