KLA10884 Code execution vulnerability in Microsoft Office

2016-10-11T00:00:00
ID KLA10884
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

10/11/2016

Severity:

High

Description:

Improper handling of RTF was found in Microsoft Office. By exploiting this vulnerability, malicious users can execute arbitrary code. The vulnerability can be exploited remotely via a specially crafted file.

Affected products:

Microsoft Word 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Word 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Word 2016
Microsoft Word for Mac 2011
Microsoft Word 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
SharePoint Server 2010 Service Pack 2
SharePoint Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1
Office Online Server

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

CVE-2016-3263
CVE-2016-3209
CVE-2016-3262
CVE-2016-7182
CVE-2016-3396
CVE-2016-7193

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2016-3263   5.0   High
CVE-2016-3209   5.0   High
CVE-2016-3262   5.0   High
CVE-2016-7182   10.0  High
CVE-2016-3396   9.3   High
CVE-2016-7193   9.3   High

Microsoft official advisories:

KB list:

3118394
3189647
3118348
3118317
3188399
3188397
3118327
3188400
3118301
3127898
3193438
3118331
3127897
3118360
3118307
3118311
3193442
3118312
3118377
3118384
3118352
3118308
3118345