KLA10754 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or gain privileges.

Below is a complete list of vulnerabilities

1. An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code;
2. An improper requests sanitization at SharePoint Server can be exploited remotely via a specially designed request to gain privileges.

Original advisories

CVE-2016-0022

CVE-2016-0052

CVE-2016-0055

CVE-2016-0056

CVE-2016-0039

CVE-2016-0054

CVE-2016-0053

Related products

Microsoft-Office

CVE list

CVE-2016-0022 critical

CVE-2016-0052 critical

CVE-2016-0055 critical

CVE-2016-0056 critical

CVE-2016-0039 warning

CVE-2016-0054 critical

CVE-2016-0053 critical

KB list

3114432

3114724

3137721

3114335

3114702

3114742

3114741

3114747

3114745

3114755

3114773

3114698

3114338

3039768

3114548

3114733

3114407

3114401

3114734

3114759

3114752

3134241

3134226

3114481

3114748

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2013 RT Service Pack 1Microsoft Office 2016Microsoft Office for Mac 2011Microsoft Office 2016 for MacMicrosoft Office Compatibility Pack Service Pack 3Microsoft Word & Excel ViewersMicrosoft SharePoint Server 2007 Service Pack 3 Excel ServicesMicrosoft SharePoint Server 2010 Service Pack 2 Excel ServicesMicrosoft SharePoint Server 2013 Service Pack 1Microsoft Office Web Apps 2010 Service Pack 2Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1