Kaspersky Threats

Дата обнаружения

13/12/2016

Уровень угрозы

Critical

Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain priveleges.

Below is a complete list of vulnerabilities:

Memory corruption vulnerability can be exploited remotely via a specially designed document to cause a denial of service or execute arbitrary code;
Information disclosure vulnerability can be exploited remotely via a specialy designed document to cause a denial of service or obtain sensitive information (from process memory);
Mishandling of click upon a specially designed cell can be exploited remotely to execute arbitrary code;
Mishandling or a registry check can be exploited remotely via specially designed embedded content of a document to execute arbitrary code;
Misparsing of file formats can be exploited remotely via a specially designed document to execute arbitrary code;
Vulnerability in Uniscribe can be exploited remotely via a specially designed site to execute arbitrary code;
Mishandling of library loading can be exploited by malicious local users via a specially designed application to gain privileges.

Пораженные продукты

Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Excel 2011 for Mac
Microsoft Excel 2016 for Mac
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Office 2016
Microsoft Word Viewer
Microsoft Word for Mac 2011
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2011 for Mac
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Publisher 2010 Service Pack 2
Microsoft Auto Updater for Mac
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения

MS16-148
CVE-2016-7257
CVE-2016-7274
CVE-2016-7277
CVE-2016-7276
CVE-2016-7275
CVE-2016-7268
CVE-2016-7267
CVE-2016-7300
CVE-2016-7291
CVE-2016-7290
CVE-2016-7289
CVE-2016-7262
CVE-2016-7263
CVE-2016-7264
CVE-2016-7265
CVE-2016-7266

Оказываемое влияние

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Связанные продукты

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Professional Plus 2010
Microsoft Office
Microsoft Excel
Microsoft Word
Microsoft Sharepoint Server

CVE-IDS

CVE-2016-72574.3Warning
CVE-2016-72749.3Critical
CVE-2016-72779.3Critical
CVE-2016-72765.8High
CVE-2016-72757.2High
CVE-2016-72685.8High
CVE-2016-72674.3Warning
CVE-2016-73004.6Warning
CVE-2016-72915.8High
CVE-2016-72905.8High
CVE-2016-72899.3Critical
CVE-2016-72626.8High
CVE-2016-72639.3Critical
CVE-2016-72645.8High
CVE-2016-72655.8High
CVE-2016-72666.8High

KLA10921Multiple vulnerabilities in Microsoft Office

KLA10921
Multiple vulnerabilities in Microsoft Office