Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2016-3278 CVE-2016-3279 CVE-2016-3280 CVE-2016-3281 CVE-2016-3282 CVE-2016-3283 CVE-2016-3284 |
CWE-ID | CWE-119 CWE-264 CWE-667 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Microsoft Office Client/Desktop applications / Office applications Microsoft Outlook Client/Desktop applications / Office applications Microsoft Excel Client/Desktop applications / Office applications Microsoft PowerPoint Client/Desktop applications / Office applications Microsoft Word Client/Desktop applications / Office applications Microsoft Office Web Apps Client/Desktop applications / Office applications Microsoft Word for Mac Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications Microsoft Office Compatibility Pack Client/Desktop applications / Office applications Microsoft Excel for Mac Client/Desktop applications / Office applications / Word Automation Services on Microsoft SharePoint Server Server applications / Other server solutions Office Online Server Server applications / Other server solutions Microsoft SharePoint Server Server applications / Application servers |
Vendor |
Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU131
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3278
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Outlook. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
MitigationInstall updates from Microsoft website.
Vulnerable software versions: 2010 - 2016
Microsoft Outlook: 2010 Service Pack 2 - 2016
CPE2.3http://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU132
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3279
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionA remote attacker can bypass certain security restrictions.
The vulnerability exists due to an error when parsing file formats. A remote attacker can bypass certain security restrictions.
Successful exploitation of this vulnerability may allow an attacker to bypass certain security features, implemented in Microsoft Office products, and take advantage of other vulnerabilities.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Office: 2010 Service Pack 2 - 2016
Microsoft Excel: 2010 Service Pack 2 - 2016
Microsoft PowerPoint: 2010 Service Pack 2 - 2013 Service Pack 1
Microsoft Word: 2010 Service Pack 2 - 2016
Word Automation Services on Microsoft SharePoint Server: 2010 Service Pack 2
Microsoft Office Web Apps: 2010 Service Pack 2
CPE2.3http://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU133
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3280
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Office: 2007 - 2013
Microsoft Word: 2010 Service Pack 2 - 2013 Service Pack 1
Microsoft Word for Mac: 2011 - 2016
Microsoft Office for Mac: 2011 - 2016
Microsoft Office Compatibility Pack: Service Pack 3
CPE2.3http://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU134
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3281
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Office: 2007 - 2016
Microsoft Office for Mac: 2011 - 2016
Microsoft Word: 2010 Service Pack 2 - 2016
Microsoft Word for Mac: 2011 - 2016
Word Automation Services on Microsoft SharePoint Server: 2010 Service Pack 2
Microsoft Office Web Apps: 2010 Service Pack 2
CPE2.3http://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU135
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3282
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
Install updates from Microsoft website.
Vulnerable software versionsMicrosoft Office: 2007 - 2016
Microsoft Office for Mac: 2011 - 2016
Microsoft Word: 2007 Service Pack 3 - 2016
Microsoft Word for Mac: 2011 - 2016
Microsoft Office Compatibility Pack: Service Pack 3
Word Automation Services on Microsoft SharePoint Server: 2010 Service Pack 2 - 2013 Service Pack 1
Microsoft SharePoint Server: 2016
Microsoft Office Web Apps: 2010 Service Pack 2 - 2013 Service Pack 1
Office Online Server: 1.0
CPE2.3http://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU136
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3283
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word Viewer. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Word: Viewer
CPE2.3 External linkshttp://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU137
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Excel. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user. MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Office: 2007 - 2016
Microsoft Office for Mac: 2011 - 2016
Microsoft Office Compatibility Pack: Service Pack 3
Microsoft Excel: Viewer - 2016
Microsoft Excel for Mac: 2011 - 2016
CPE2.3http://technet.microsoft.com/en-us/library/security/MS16-088
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.