Multiple vulnerabilities in Microsoft Office

Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain priveleges.

Below is a complete list of vulnerabilities:

1. Memory corruption vulnerability can be exploited remotely via a specially designed document to cause a denial of service or execute arbitrary code;
2. Information disclosure vulnerability can be exploited remotely via a specialy designed document to cause a denial of service or obtain sensitive information (from process memory);
3. Mishandling of click upon a specially designed cell can be exploited remotely to execute arbitrary code;
4. Mishandling or a registry check can be exploited remotely via specially designed embedded content of a document to execute arbitrary code;
5. Misparsing of file formats can be exploited remotely via a specially designed document to execute arbitrary code;
6. Vulnerability in Uniscribe can be exploited remotely via a specially designed site to execute arbitrary code;
7. Mishandling of library loading can be exploited by malicious local users via a specially designed application to gain privileges.

Первичный источник обнаружения

• MS16-148
  CVE-2016-7257
  CVE-2016-7274
  CVE-2016-7277
  CVE-2016-7276
  CVE-2016-7275
  CVE-2016-7268
  CVE-2016-7267
  CVE-2016-7300
  CVE-2016-7291
  CVE-2016-7290
  CVE-2016-7289
  CVE-2016-7262
  CVE-2016-7263
  CVE-2016-7264
  CVE-2016-7265
  CVE-2016-7266
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats
• Microsoft-Office-Professional-Plus-2010
• Microsoft-Office
• Microsoft-Excel
• Microsoft-Word
• Microsoft-Sharepoint-Server

Список CVE

• CVE-2016-7257
  warning
• CVE-2016-7274
  critical
• CVE-2016-7277
  critical
• CVE-2016-7276
  high
• CVE-2016-7275
  high
• CVE-2016-7268
  high
• CVE-2016-7267
  warning
• CVE-2016-7300
  warning
• CVE-2016-7291
  high
• CVE-2016-7290
  high
• CVE-2016-7289
  critical
• CVE-2016-7262
  high
• CVE-2016-7263
  critical
• CVE-2016-7264
  high
• CVE-2016-7265
  high
• CVE-2016-7266
  high

Список KB

• 3118380
• 2889841
• 3128008
• 3127986
• 2883033
• 3128022
• 3128023
• 3128026
• 3128035
• 3128032
• 3198800
• 3128024
• 3128043
• 3128044
• 3128016
• 3127995
• 3128019
• 3127892
• 3128020
• 3128029
• 3198808
• 3114395
• 3128037
• 3127968
• 3128025
• 3128034

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com