Security feature bypass vulnerability in Microsoft products - CVE-2016-3279
Published: July 14, 2016 / Updated: February 6, 2017
Microsoft Office
Microsoft Excel
Microsoft PowerPoint
Microsoft Word
Microsoft Office Web Apps
Word Automation Services on Microsoft SharePoint Server
Microsoft
Description
A remote attacker can bypass certain security restrictions.
The vulnerability exists due to an error when parsing file formats. A remote attacker can bypass certain security restrictions.
Successful exploitation of this vulnerability may allow an attacker to bypass certain security features, implemented in Microsoft Office products, and take advantage of other vulnerabilities.
Remediation
To resolve this vulnerability vendor recommends installing the following updates:
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT
Use Windows Update to obtain the patch.
Microsoft Office 2016
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
SharePoint Software
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 2