Kaspersky Threats

Detect date

?

08/09/2016

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code.

Below is a complete list of vulnerabilities

An improper memory contents handling at OneNote can be exploited remotely via a specially designed OneNote files to obtain sensitive information;
An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2
Microsoft Outlook 2013 Service Pack 1
Microsoft Outlook 2016
Microsoft Word Viewer

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

ADV160011
CVE-2016-3304
CVE-2016-3303
CVE-2016-3301
CVE-2016-3318
CVE-2016-3317
CVE-2016-3316
CVE-2016-3315
CVE-2016-3313

Impacts

?

ACE

[?]

OSI

[?]

Detect date ?	08/09/2016
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities An improper memory contents handling at OneNote can be exploited remotely via a specially designed OneNote files to obtain sensitive information; An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 Microsoft Office for Mac 2011 Microsoft Office 2016 for Mac Microsoft Outlook 2007 Service Pack 3 Microsoft Outlook 2010 Service Pack 2 Microsoft Outlook 2013 Service Pack 1 Microsoft Outlook 2016 Microsoft Word Viewer
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	ADV160011 CVE-2016-3304 CVE-2016-3303 CVE-2016-3301 CVE-2016-3318 CVE-2016-3317 CVE-2016-3316 CVE-2016-3315 CVE-2016-3313
Impacts ?	ACE [?] OSI [?]
Related products	Microsoft Office Microsoft Outlook
CVE-IDS ?	CVE-2016-33049.3Critical CVE-2016-33039.3Critical CVE-2016-33019.3Critical CVE-2016-33189.3Critical CVE-2016-33179.3Critical CVE-2016-33169.3Critical CVE-2016-33154.3Warning CVE-2016-33139.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3115479 3114893 3115480 3115465 3115439 3115415 3114981 3114456 3115474 3115419 3115471 3115452 3114885 3115427 3114400 3114340 3115449 3179163 3115468 3115440 3115256 3114442 3114869 3179162 3115408 3115481 3174305 3115131 3174304 3174301 3115109 3115431 3174302
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40257 https://www.exploit-db.com/exploits/40256 https://www.exploit-db.com/exploits/40255 https://www.exploit-db.com/exploits/40238 https://www.exploit-db.com/exploits/40224 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10857Multiple vulnerabilities in Microsoft Office

KLA10857
Multiple vulnerabilities in Microsoft Office