Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB3054984
HistoryMay 10, 2016 - 7:00 a.m.

MS16-054: Description of the security update for Office 2010: May 10, 2016

2016-05-1007:00:00
Microsoft
support.microsoft.com
26

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.704 High

EPSS

Percentile

98.0%

JSON

MS16-054: Description of the security update for Office 2010: May 10, 2016

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-054.

Note To apply this security update, you must have the release version of Service Pack 2 for Office 2010 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB3155544.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the “Turn on automatic updating in Control Panel” section of this Safety & Security Center article.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3155544.

Security update replacement information

This security update replaces previously released security update KB3054848.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
oartconv2010-kb3054984-fullfile-x64-glb.exe D817FFDE6E3D89732FBB94DDE283D4729AE2EF0C D6820211435B1F4BBAA3B33214FB19E79A4CE1C6549C5C898ED9E0ECB8FC3568
oartconv2010-kb3054984-fullfile-x86-glb.exe E366A3139E47BC69A7D327A3D3322906C5D77275 3DE99F918D597BB211D73CF70F84A80C834644382E4DB6FC5242E90092401AB7

__

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.

For all supported x86-based versions of Office 2010File identifier File name File version File size Date Time
oartconv.dll oartconv.dll 14.0.7169.5000 11,149,048 12-Apr-2016 01:13
For all supported x64-based versions of Office 2010File identifier File name File version File size Date Time
oartconv.dll oartconv.dll 14.0.7169.5000 19,228,920 12-Apr-2016 01:29

__

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Related

srcincite 1
mskb 6
mscve 1
cvelist 1
symantec 1
cve 1
prion 1
nvd 1
checkpoint_advisories 1
nessus 1
openvas 1
kaspersky 1
srcincite
srcincite
SRC-2016-0022 : Microsoft Office Component FSupportSAEXTChar Use-After-Free Remote Code Execution Vulnerability
2016-01-19 00:00:00
mskb
mskb
MS16-054: Description of the security update for 2007 Microsoft Office Suite: May 10, 2016
2016-05-10 07:00:00
MS16-054: Description of the security update for 2007 Microsoft Office Suite: May 10, 2016
2016-05-10 07:00:00
MS16-054: Description of the security update for Office 2010: May 10, 2016
2016-05-10 07:00:00
mscve
mscve
Microsoft Office Remote Code Execution Vulnerability
2016-05-10 07:00:00
cvelist
cvelist
CVE-2016-0140
2016-05-11 01:00:00
symantec
symantec
Microsoft Office CVE-2016-0140 Memory Corruption Vulnerability
2016-05-10 00:00:00
cve
cve
CVE-2016-0140
2016-05-11 01:59:03
prion
prion
Memory corruption
2016-05-11 01:59:00
nvd
nvd
CVE-2016-0140
2016-05-11 01:59:03
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption (MS16-042: CVE-2016-0139; CVE-2016-0140)
2016-04-12 00:00:00
nessus
nessus
MS16-054: Security Update for Microsoft Office (3155544)
2016-05-10 00:00:00
openvas
openvas
Microsoft Office Multiple Remote Code Execution Vulnerabilities (3155544)
2016-05-11 00:00:00
kaspersky
kaspersky
KLA10804 Code execution vulnerabilities in Microsoft Office
2016-05-10 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.704 High

EPSS

Percentile

98.0%

JSON
Related for KB3054984
srcincite1mskb6mscve1cvelist1symantec1cve1prion1nvd1checkpoint_advisories1nessus1openvas1kaspersky1