KLA10921
Multiple vulnerabilities in Microsoft Office
Updated: 17/06/2019
Date of detection
13/12/2016
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, or gain privileges.

Below is a complete list of vulnerabilities:

  1. Memory corruption vulnerability can be exploited remotely via a specially designed document to cause a denial of service or execute arbitrary code;
  2. Information disclosure vulnerability can be exploited remotely via a specially designed document to cause a denial of service or obtain sensitive information (from process memory);
  3. Mishandling of click upon a specially designed cell can be exploited remotely to execute arbitrary code;
  4. Mishandling of a registry check can be exploited remotely via specially designed embedded content of a document to execute arbitrary code;
  5. Misparsing of file formats can be exploited remotely via a specially designed document to execute arbitrary code;
  6. Vulnerability in Uniscribe can be exploited remotely via a specially designed site to execute arbitrary code;
  7. Mishandling of library loading can be exploited by malicious local users via a specially designed application to gain privileges.
Affected products

Microsoft Excel 2007 Service Pack 3 
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016 
Microsoft Excel Viewer
Microsoft Excel 2011 for Mac
Microsoft Excel 2016 for Mac 
Microsoft Word 2007 Service Pack 3 
Microsoft Word 2010 Service Pack 2 
Microsoft Office 2016 
Microsoft Word Viewer 
Microsoft Word for Mac 2011
Microsoft Office 2007 Service Pack 3 
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2 
Microsoft Office 2013
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2011 for Mac
Microsoft Office 2016 for Mac 
Microsoft Office Compatibility Pack Service Pack 3 
Microsoft Publisher 2010 Service Pack 2
Microsoft Auto Updater for Mac
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2 
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 
Microsoft Office Web Apps 2010 Service Pack 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories
MS16-148
CVE-2016-7257
CVE-2016-7274
CVE-2016-7277
CVE-2016-7276
CVE-2016-7275
CVE-2016-7268
CVE-2016-7267
CVE-2016-7300
CVE-2016-7291
CVE-2016-7290
CVE-2016-7289
CVE-2016-7262
CVE-2016-7263
CVE-2016-7264
CVE-2016-7265
CVE-2016-7266
Impact
ACE
OSI
DoS
SB
PE
Related products
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Professional Plus 2010
Microsoft Office
Microsoft Excel
Microsoft Word
Microsoft Sharepoint Server
CVE-IDS
Microsoft official advisories
Microsoft Security Update Guide
KB list

3118380
2889841
3128008
3127986
2883033
3128022
3128023
3128026
3128035
3128032
3198800
3128024
3128043
3128044
3128016
3127995
3128019
3127892
3128020
3128029
3198808
3114395
3128037
3127968
3128025
3128034