Kaspersky Threats

Detect date

?

07/12/2016

Severity

?

High

Description

An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files.

Technical details

To mitigate some of these vulnerabilities you can block RTF files from opening. More information about this workaround you can find at MS16-088 advisory listed below.

Affected products

Office Online Server
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Excel and Word Viewers
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft SharePoint Server 2016
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-3278
CVE-2016-3279
CVE-2016-3280
CVE-2016-3281
CVE-2016-3282
CVE-2016-3283
CVE-2016-3284

Impacts

?

ACE

[?]

Detect date ?	07/12/2016
Severity ?	High
Description	An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files. Technical details To mitigate some of these vulnerabilities you can block RTF files from opening. More information about this workaround you can find at MS16-088 advisory listed below.
Affected products	Office Online Server Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 Microsoft Office for Mac 2011 Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Excel and Word Viewers Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft SharePoint Server 2016 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2013 Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-3278 CVE-2016-3279 CVE-2016-3280 CVE-2016-3281 CVE-2016-3282 CVE-2016-3283 CVE-2016-3284
Impacts ?	ACE [?]
Related products	Microsoft Office Microsoft Sharepoint Server
CVE-IDS ?	CVE-2016-32789.3Critical CVE-2016-32794.3Warning CVE-2016-32809.3Critical CVE-2016-32819.3Critical CVE-2016-32829.3Critical CVE-2016-32839.3Critical CVE-2016-32849.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3115289 3115285 3115386 3115246 3115309 3115308 3115262 3115301 3115322 3115306 3115299 3115393 3115259 3115118 3115292 3115395 3115114 3170460 3170463 3115318 3115272 3115312 3115311 3115279 3115317 3115315 3115254
	Find out the statistics of the vulnerabilities spreading in your region

KLA10842Multiple code execution vulnerabilities in Microsoft Office

KLA10842
Multiple code execution vulnerabilities in Microsoft Office