KLA10857
Multiple vulnerabilities in Microsoft Office

Updated: 09/26/2023
Detect date
?
08/09/2016
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. An improper memory contents handling at OneNote can be exploited remotely via a specially designed OneNote files to obtain sensitive information;
  2. An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code.
Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2
Microsoft Outlook 2013 Service Pack 1
Microsoft Outlook 2016
Microsoft Word Viewer

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

ADV160011
CVE-2016-3304
CVE-2016-3303
CVE-2016-3301
CVE-2016-3318
CVE-2016-3317
CVE-2016-3316
CVE-2016-3315
CVE-2016-3313

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Office
Microsoft Outlook
CVE-IDS
?
CVE-2016-33049.3Critical
CVE-2016-33039.3Critical
CVE-2016-33019.3Critical
CVE-2016-33189.3Critical
CVE-2016-33179.3Critical
CVE-2016-33169.3Critical
CVE-2016-33154.3Warning
CVE-2016-33139.3Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3115479
3114893
3115480
3115465
3115439
3115415
3114981
3114456
3115474
3115419
3115471
3115452
3114885
3115427
3114400
3114340
3115449
3179163
3115468
3115440
3115256
3114442
3114869
3179162
3115408
3115481
3174305
3115131
3174304
3174301
3115109
3115431
3174302

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region