Microsoft Office Security Feature Bypass Vulnerability



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-3279
CWE-ID CWE-264
CWE-667
Exploitation vector Network
Public exploit N/A
Vulnerable software
Microsoft Office
Client/Desktop applications / Office applications

Microsoft Excel
Client/Desktop applications / Office applications

Microsoft PowerPoint
Client/Desktop applications / Office applications

Microsoft Word
Client/Desktop applications / Office applications

Microsoft Office Web Apps
Client/Desktop applications / Office applications

Word Automation Services on Microsoft SharePoint Server
Server applications / Other server solutions

Vendor Microsoft

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Security feature bypass vulnerability

EUVDB-ID: #VU132

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-3279

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

A remote attacker can bypass certain security restrictions.

The vulnerability exists due to an error when parsing file formats. A remote attacker can bypass certain security restrictions.

Successful exploitation of this vulnerability may allow an attacker to bypass certain security features, implemented in Microsoft Office products, and take advantage of other vulnerabilities.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Microsoft Office: 2010 Service Pack 2 - 2016

Microsoft Excel: 2010 Service Pack 2 - 2016

Microsoft PowerPoint: 2010 Service Pack 2 - 2013 Service Pack 1

Microsoft Word: 2010 Service Pack 2 - 2016

Word Automation Services on Microsoft SharePoint Server: 2010 Service Pack 2

Microsoft Office Web Apps: 2010 Service Pack 2

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3279


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###