Memory corruption vulnerability in Microsoft products - CVE-2016-3282
Published: July 14, 2016 / Updated: February 3, 2017
Microsoft Office
Microsoft Office for macOS
Microsoft Word
Microsoft Word for macOS
Microsoft Office Compatibility Pack
Microsoft Office Web Apps
Word Automation Services on Microsoft SharePoint Server
Office Online Server
Microsoft SharePoint Server
Microsoft
Description
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
Remediation
To resolve this vulnerability vendor recommends installing the following updates:
Microsoft Office 2007
Microsoft Word 2007 Service Pack 3
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT
Use Windows Update to obtain the patch.
Microsoft Office 2016
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Other Office Software
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer