SB2016071228 - Security Update for Microsoft Office 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016071228

SB2016071228 - Security Update for Microsoft Office

Published: July 12, 2016

Security Bulletin ID SB2016071228
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 86% Medium 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Memory corruption vulnerability (CVE-ID: CVE-2016-3278)

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an unknown error in Microsoft Outlook. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.


2) Security feature bypass vulnerability (CVE-ID: CVE-2016-3279)

A remote attacker can bypass certain security restrictions.

The vulnerability exists due to an error when parsing file formats. A remote attacker can bypass certain security restrictions.

Successful exploitation of this vulnerability may allow an attacker to bypass certain security features, implemented in Microsoft Office products, and take advantage of other vulnerabilities.


3) Memory corruption vulnerability (CVE-ID: CVE-2016-3280)

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.


4) Memory corruption vulnerability (CVE-ID: CVE-2016-3281)

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.


5) Memory corruption vulnerability (CVE-ID: CVE-2016-3282)

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.



6) Memory corruption vulnerability in Microsoft Word Viewer (CVE-ID: CVE-2016-3283)

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an unknown error in Microsoft Word Viewer. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.


7) Memory corruption vulnerability in Microsoft Excel (CVE-ID: CVE-2016-3284)

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an unknown error in Microsoft Excel. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.

Remediation

Install update from vendor's website.

References