Multiple code execution vulnerabilities in Microsoft Office

Description

An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files.

---

Technical details

To mitigate some of these vulnerabilities you can block RTF files from opening. More information about this workaround you can find at MS16-088 advisory listed below.

Original advisories

• CVE-2016-3278

• CVE-2016-3279
• CVE-2016-3280
• CVE-2016-3281
• CVE-2016-3282
• CVE-2016-3283
• CVE-2016-3284

Related products

• Microsoft-Office
• Microsoft-Sharepoint-Server

CVE list

• CVE-2016-3278
  critical
• CVE-2016-3279
  warning
• CVE-2016-3280
  critical
• CVE-2016-3281
  critical
• CVE-2016-3282
  critical
• CVE-2016-3283
  critical
• CVE-2016-3284
  critical

KB list

• 3115289
• 3115285
• 3115386
• 3115246
• 3115309
• 3115308
• 3115262
• 3115301
• 3115322
• 3115306
• 3115299
• 3115393
• 3115259
• 3115118
• 3115292
• 3115395
• 3115114
• 3170460
• 3170463
• 3115318
• 3115272
• 3115312
• 3115311
• 3115279
• 3115317
• 3115315
• 3115254

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com