#VU133 Memory corruption vulnerability in Microsoft products - CVE-2016-3280
Published: July 14, 2016 / Updated: February 3, 2017
Microsoft Office
Microsoft Word
Microsoft Word for macOS
Microsoft Office for macOS
Microsoft Office Compatibility Pack
Microsoft
Description
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
Remediation
To resolve this vulnerability vendor recommends installing the following updates:
Microsoft Office 2007
Microsoft Word 2007 Service Pack 3
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT
Use Windows Update to obtain the patch.
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Other Office Software
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer