Multiple vulnerabilities in Microsoft Office

Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions or execute arbitrary code.

Below is a complete list of vulnerabilities

1. Improper memory objects handling can be exploited remotely via a specially designed file to execute arbitrary code;
2. Lack of Access Control Policy enforcement can be exploited remotely via a specially designed web content to bypass security restrictions;
3. An unknown vulnerability can be exploited remotely via a specially designed web content to bypass Address Space Layout Randomization security feature.

---

Technical details

In some cases vulnerability (1) can be triggered via Preview Pane.

Vulnerability (2) related to SharePoint

Первичный источник обнаружения

• CVE-2016-0035
  CVE-2015-6117
  CVE-2016-0010
  CVE-2016-0011
  CVE-2016-0012
  

Связанные продукты

• Microsoft-Office

Список CVE

• CVE-2016-0035
  critical
• CVE-2015-6117
  warning
• CVE-2016-0010
  critical
• CVE-2016-0011
  warning
• CVE-2016-0012
  warning

Список KB

• 3114511
• 3114518
• 3114557
• 3114554
• 3114494
• 3114396
• 2920727
• 3114504
• 3114549
• 3114421
• 2881067
• 3114503
• 3114540
• 3114541
• 3114520
• 3114402
• 3114546
• 3114564
• 3114547
• 3039794
• 3114482
• 3114489
• 3114526

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com