KLA10770
Multiple vulnerabilities in Microsoft Office
Обновлено: 17/06/2019
Дата обнаружения
08/03/2016
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.

Below is a complete list of vulnerabilities

  1. An improper memory objects handling can be exploited remotely via a specially designed file or content to execute arbitrary code;
  2. An invalidly signed binary can be exploited by attacker with write access to the vulnerable binary by binary hijack to bypass security restrictions.

Technical details

To mitigate these vulnerabilities you can disable OLE package function in Outlook. For further instructions take a look at MS16-029 advisory.

Пораженные продукты

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2011 for Mac
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0021
CVE-2016-0057
CVE-2016-0134
Оказываемое влияние
?
ACE 
[?]

SB 
[?]
Связанные продукты
Microsoft Office
CVE-IDS
CVE-2016-00219.3Critical
CVE-2016-00577.2High
CVE-2016-01349.3Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3114824
3114821
2956063
3114414
3114829
3141806
3114880
3114883
3114814
3039746
3114873
3114690
3114855
3114878
3114812
3114426
3138328
3138327
3114900
2956110
3114833
3114861
3114866
2880510
3114901