SB2016071306 - Multiple vulnerabilities in Microsoft Office Software
Published: July 13, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Memory corruption vulnerability in Microsoft Excel (CVE-ID: CVE-2016-3284)
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Excel. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.2) Memory corruption vulnerability in Microsoft Word Viewer (CVE-ID: CVE-2016-3283)
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word Viewer. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
3) Memory corruption vulnerability (CVE-ID: CVE-2016-3282)
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
4) Memory corruption vulnerability (CVE-ID: CVE-2016-3281)
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
5) Memory corruption vulnerability (CVE-ID: CVE-2016-3280)
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
6) Security feature bypass vulnerability (CVE-ID: CVE-2016-3279)
A remote attacker can bypass certain security restrictions.
The vulnerability exists due to an error when parsing file formats. A remote attacker can bypass certain security restrictions.
Successful exploitation of this vulnerability may allow an attacker to bypass certain security features, implemented in Microsoft Office products, and take advantage of other vulnerabilities.
7) Memory corruption vulnerability (CVE-ID: CVE-2016-3278)
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Outlook. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
Remediation
Install update from vendor's website.