Kaspersky LabKLA10874KLA10874 Multiple vulnerabilities in Microsoft Office
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.273 Low
EPSS
Percentile
96.7%
Detect date:
09/13/2016
Severity:
High
Description:
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code or obtain sensitive information.
Affected products:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Excel, PowerPoint and Word Viewers
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 ServicePack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1
Office Online Server
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2016-3362
CVE-2016-3363
CVE-2016-3364
CVE-2016-3365
CVE-2016-3366
CVE-2016-3358
CVE-2016-0137
CVE-2016-0141
CVE-2016-3357
CVE-2016-3381
CVE-2016-3359
CVE-2016-3360
CVE-2016-3361
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2016-33629.3Critical
CVE-2016-33639.3Critical
CVE-2016-33649.3Critical
CVE-2016-33659.3Critical
CVE-2016-33664.3Warning
CVE-2016-33589.3Critical
CVE-2016-01374.3Warning
CVE-2016-01414.3Warning
CVE-2016-33579.3Critical
CVE-2016-33819.3Critical
CVE-2016-33599.3Critical
CVE-2016-33609.3Critical
CVE-2016-33619.3Critical
Microsoft official advisories:
KB list:
3118270
3115459
3118299
3118290
3118292
3118293
3115472
3118297
3115169
3118316
3114744
3118313
3115487
2597974
3054862
2553432
3115462
3115463
3115119
3115466
3115467
3115443
3115112
3054969
3118284
3186807
3186805
3118280
3118303
3118300
3118268
3118309
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/2553432
support.microsoft.com/kb/2597974
support.microsoft.com/kb/3054862
support.microsoft.com/kb/3054969
support.microsoft.com/kb/3114744
support.microsoft.com/kb/3115112
support.microsoft.com/kb/3115119
support.microsoft.com/kb/3115169
support.microsoft.com/kb/3115443
support.microsoft.com/kb/3115459
support.microsoft.com/kb/3115462
support.microsoft.com/kb/3115463
support.microsoft.com/kb/3115466
support.microsoft.com/kb/3115467
support.microsoft.com/kb/3115472
support.microsoft.com/kb/3115487
support.microsoft.com/kb/3118268
support.microsoft.com/kb/3118270
support.microsoft.com/kb/3118280
support.microsoft.com/kb/3118284
support.microsoft.com/kb/3118290
support.microsoft.com/kb/3118292
support.microsoft.com/kb/3118293
support.microsoft.com/kb/3118297
support.microsoft.com/kb/3118299
support.microsoft.com/kb/3118300
support.microsoft.com/kb/3118303
support.microsoft.com/kb/3118309
support.microsoft.com/kb/3118313
support.microsoft.com/kb/3118316
support.microsoft.com/kb/3186805
support.microsoft.com/kb/3186807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3361
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3381
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0137
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0141
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3357
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3358
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3359
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3360
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3361
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3362
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3363
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3364
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3365
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3366
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3381
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Office/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.273 Low
EPSS
Percentile
96.7%