Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-3279 |
CWE-ID | CWE-264 CWE-667 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Microsoft Office: Client/Desktop applications / Office applications
Microsoft Excel: Client/Desktop applications / Office applications
Microsoft PowerPoint: Client/Desktop applications / Office applications
Microsoft Word: Client/Desktop applications / Office applications
Microsoft Office Web Apps: Client/Desktop applications / Office applications
Word Automation Services on Microsoft SharePoint Server: Server applications / Other server solutions |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU132
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2016-3279
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error when parsing file formats.
Successful exploitation of this vulnerability may allow an attacker to bypass certain security features implemented in Microsoft Office products and take advantage of other vulnerabilities.
Mitigation
Install updates from the Microsoft website.
Vulnerable software versions
Microsoft Office: 2010 - 2016
Microsoft Excel: 2010 Service Pack 2 - 2016
Microsoft PowerPoint: 2010 Service Pack 2 - 2013 Service Pack 1
Microsoft Word: 2010 Service Pack 2 - 2016
Word Automation Services on Microsoft SharePoint Server: 2010 Service Pack 2
Microsoft Office Web Apps: 2010 Service Pack 2
Fixed software versions
CPE2.3
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3279