Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10827
HistoryJun 14, 2016 - 12:00 a.m.

KLA10827 Multiple vulnerabilities in Microsoft Office

2016-06-1400:00:00
Kaspersky Lab
threats.kaspersky.com
66

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.209 Low

EPSS

Percentile

96.3%

JSON

Detect date:

06/14/2016

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges or obtain sensitive information.

Affected products:

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
Microsoft Visio Viewer 2007 Service Pack 3
Microsoft Visio Viewer 2010
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1
Office Online Server

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-0025
CVE-2016-3235
CVE-2016-3234
CVE-2016-3233

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2016-00259.3Critical
CVE-2016-32359.3Critical
CVE-2016-32344.3Warning
CVE-2016-32339.3Critical

Microsoft official advisories:

KB list:

3115182
3115187
3115020
3115041
2999465
3115244
3114740
3115107
3115243
3115144
3114872
3165796
3165798
3115194
3115195
3115196
3115198
3115014
3115111
3115134
3115130
3115173
2596915
3115170

References

Related

mskb 25
nessus 2
openvas 10
symantec 4
cve 4
checkpoint_advisories 3
prion 4
mscve 4
attackerkb 1
cisa_kev 1
thn 1
packetstorm 1
zdt 1
qualysblog 1
mskb
mskb
MS16-070: Security Update for Office: June 14, 2016
2016-06-14 00:00:00
MS16-070: Description of the security update for Word 2010: June 14, 2016
2016-06-14 07:00:00
MS16-070: Description of the security update for SharePoint Server 2010 Office Web Apps: June 14, 2016
2016-06-14 07:00:00
nessus
nessus
MS16-070: Security Update for Microsoft Office (3163610)
2016-06-15 00:00:00
MS16-070: Security Update for Microsoft Office (3163610) (Mac OS X)
2016-06-15 00:00:00
openvas
openvas
Microsoft Office Compatibility Pack Multiple Vulnerabilities (3163610)
2016-06-15 00:00:00
Microsoft Office Web Apps Multiple Vulnerabilities (3163610)
2016-06-16 00:00:00
Microsoft SharePoint Server WAS Multiple Vulnerabilities (3163610)
2016-06-16 00:00:00
symantec
symantec
Microsoft Office CVE-2016-3233 Memory Corruption Vulnerability
2016-06-14 00:00:00
Microsoft Office CVE-2016-3235 DLL Loading Local Privilege Escalation Vulnerability
2016-06-14 00:00:00
Microsoft Office CVE-2016-0025 Memory Corruption Vulnerability
2016-06-14 00:00:00
cve
cve
CVE-2016-3233
2016-06-16 01:59:00
CVE-2016-3235
2016-06-16 01:59:00
CVE-2016-0025
2016-06-16 01:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption (MS16-070: CVE-2016-3233)
2016-06-14 00:00:00
Microsoft Office Information Disclosure (MS16-070: CVE-2016-3234)
2016-06-14 00:00:00
Microsoft Office Memory Corruption (MS16-070: CVE-2016-0025)
2016-06-14 00:00:00
prion
prion
Memory corruption
2016-06-16 01:59:00
Security feature bypass
2016-06-16 01:59:00
Memory corruption
2016-06-16 01:59:00
mscve
mscve
Microsoft Office Memory Corruption Vulnerability
2016-06-14 07:00:00
Microsoft Office Memory Corruption Vulnerability
2016-06-14 07:00:00
Microsoft Office Information Disclosure Vulnerability
2016-06-14 07:00:00
attackerkb
attackerkb
CVE-2016-3235
2016-06-16 00:00:00
cisa_kev
cisa_kev
Microsoft Office OLE DLL Side Loading Vulnerability
2021-11-03 00:00:00
thn
thn
Microsoft releases tons of Security Updates to patch 44 vulnerabilities
2016-06-14 19:35:00
packetstorm
packetstorm
Office OLE DLL Hijacking
2016-11-10 00:00:00
zdt
zdt
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-04
2017-03-23 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.209 Low

EPSS

Percentile

96.3%

JSON
Related for KLA10827
mskb25nessus2openvas10symantec4cve4checkpoint_advisories3prion4mscve4attackerkb1cisa_kev1thn1packetstorm1zdt1qualysblog1