Kaspersky Threats

Detect date

?

11/08/2016

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Out-of-bounds read can be exploited remotely via a specially designed file to obtain sensitive information;
An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack1
Microsoft Office 2016
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Excel, Word and PowerPoint Viewers

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS16-133
CVE-2016-7213
CVE-2016-7236
CVE-2016-7235
CVE-2016-7234
CVE-2016-7233
CVE-2016-7232
CVE-2016-7231
CVE-2016-7228
CVE-2016-7229
CVE-2016-7230
CVE-2016-7245
CVE-2016-7244

Impacts

?

ACE

[?]

OSI

[?]

Detect date ?	11/08/2016
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities Out-of-bounds read can be exploited remotely via a specially designed file to obtain sensitive information; An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack1 Microsoft Office 2016 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2010 Service Pack 1 Microsoft Office for Mac 2011 Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Excel, Word and PowerPoint Viewers
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS16-133 CVE-2016-7213 CVE-2016-7236 CVE-2016-7235 CVE-2016-7234 CVE-2016-7233 CVE-2016-7232 CVE-2016-7231 CVE-2016-7228 CVE-2016-7229 CVE-2016-7230 CVE-2016-7245 CVE-2016-7244
Impacts ?	ACE [?] OSI [?]
Related products	Microsoft Office Microsoft Sharepoint Server
CVE-IDS ?	CVE-2016-72139.3Critical CVE-2016-72369.3Critical CVE-2016-72359.3Critical CVE-2016-72349.3Critical CVE-2016-72334.3Warning CVE-2016-72329.3Critical CVE-2016-72319.3Critical CVE-2016-72289.3Critical CVE-2016-72299.3Critical CVE-2016-72309.3Critical CVE-2016-72459.3Critical CVE-2016-72444.3Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	3127951 3127950 3127953 3127948 3118395 3198798 3118396 3118390 3115120 3127929 3118378 3127927 3127921 3127889 3127904 3127949 3127954 3115153 3118382 3118381 3115135 3198807 3127893 3127962 2986253 3127932