CVE-2016-0137

The Click-to-Run C2R implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."...

CVE-2016-0137

CVE-2016-0137 describes an information-disclosure/ASLR-bypass vulnerability in the Microsoft Office Click-to-Run (C2R) components for Office 2013 SP1 and Office 2016. The issue allows a local attacker with logon privileges to bypass ASLR by executing a specially crafted application, potentially l...

MS16-107: Security Update for Microsoft Office (3185852)

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the the Click-to-Run C2R components due to improper handling of objects in memory. An...

Microsoft Fixes 47 Vulnerabilities with September Patch Tuesday

Microsoft patched 47 vulnerabilities as part of 14 security bulletins, seven critical, with its monthly Patch Tuesday updates today. The company is warning users that if left unpatched, 10 of the issues can lead to remote execution. The updates resolve issues in Microsoft Windows, Office, Office...