Searching
..

Click anywhere to stop

KLA10770
Multiple vulnerabilities in Microsoft Office

Обновлено: 22/01/2024
Дата обнаружения
08/03/2016
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.

Below is a complete list of vulnerabilities

  1. An improper memory objects handling can be exploited remotely via a specially designed file or content to execute arbitrary code;
  2. An invalidly signed binary can be exploited by attacker with write access to the vulnerable binary by binary hijack to bypass security restrictions.

Technical details

To mitigate these vulnerabilities you can disable OLE package function in Outlook. For further instructions take a look at MS16-029 advisory.

Пораженные продукты

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2011 for Mac
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0021
CVE-2016-0057
CVE-2016-0134
Оказываемое влияние
?
ACE 
[?]

SB 
[?]
Связанные продукты
Microsoft Office
CVE-IDS
CVE-2016-00219.3Critical
CVE-2016-00577.2High
CVE-2016-01349.3Critical