SecurityTracker.com
Category:   Application (Generic)  >   Microsoft Office
Vendors:   Microsoft
Microsoft Office Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information from Memory, and Cause Denial of Service Conditions
SecurityTracker Alert ID:  1037246
SecurityTracker URL:  http://securitytracker.com/id/1037246
CVE Reference:   CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245
Updated:  Nov 18 2016
Original Entry Date:  Nov 8 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2007, 2010, 2013, 2013 RT, 2016; Office for Mac 2011, Office 2016 for Mac; Office Web Apps 2010, 2013
Description:   Multiple vulnerabilities were reported in Microsoft Office. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can create a specially crafted file that, when loaded by the target user via Microsoft Office or Word, will exploit an uninitialized variable and obtain information from memory [CVE-2016-7233].

A remote user can create a specially crafted file that, when loaded by the target user via Microsoft Office or Word, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7245].

A remote user can create a specially crafted file that, when loaded by the target user, will cause Microsoft Office to stop responding [CVE-2016-7244].

Dmitri Kaslov, Independent Security Researcher, Haifei Li, JChen of Palo Alto Networks, Rocco Calvi and Steven Seeley of Source Incite (via VERISIGN Defense), and Steven Vittitoe of Google Project Zero reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix.

Microsoft Excel 2007 Service Pack 3:

https://www.microsoft.com/downloads/details.aspx?familyid=011ed6a4-8eba-4c2b-a90a-eb9ab5147058

Microsoft Word 2007:

https://www.microsoft.com/downloads/details.aspx?familyid=2228787d-6dca-4599-8683-f3db9b31ee52

Microsoft Office 2010 Service Pack 2 (32-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=6738bf6c-8317-4f65-ab6c-445426590465

Microsoft Office 2010 Service Pack 2 (64-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=bdf1de31-23e0-4825-b8fc-afbfce89e886

Microsoft Excel 2010 Service Pack 2 (32-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=bff15a3a-7b5a-4405-a1eb-e366ca074e50

Microsoft Excel 2010 Service Pack 2 (64-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=e08495b0-aa17-4b60-854f-849a93ab3571

Microsoft Word 2010 Service Pack 2 (32-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=ee6b96bc-4795-4f16-8bbb-0cd8560df286

Microsoft Word 2010 Service Pack 2 (64-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=17a90a47-583c-4c05-9e4f-b73a9e436f66

Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=3305d937-9bd9-4311-813c-4666e0346aa4

Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=d1bb4c42-dc62-400f-b00f-5022d5810397

Microsoft Excel 2013 Service Pack 1 (32-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=55c2298e-e21c-435f-a6c3-4eef8dcf3a5e

Microsoft Excel 2013 Service Pack 1 (64-bit editions):

https://www.microsoft.com/downloads/details.aspx?familyid=992735dc-943e-4f8a-898f-1e1a8c1e9460

Microsoft Excel 2016 (32-bit edition):

https://www.microsoft.com/downloads/details.aspx?familyid=c68fa15a-c7ea-49d0-bf11-68fafcb00902

Microsoft Excel 2016 (64-bit edition):

https://www.microsoft.com/downloads/details.aspx?familyid=5643c954-fad8-478e-ae72-2ac8c042a873

Microsoft Office Compatibility Pack Service Pack 3 (3127889):

https://www.microsoft.com/downloads/details.aspx?familyid=f5a8a4ad-986d-48eb-8d17-343e6fe20c40

Microsoft Office Compatibility Pack Service Pack 3 (3127948):

https://www.microsoft.com/downloads/details.aspx?familyid=ff5a87e3-4994-4285-ba24-5557f674397f

Microsoft Excel Viewer:

https://www.microsoft.com/downloads/details.aspx?familyid=a8484f6a-78fc-4027-af5a-a1c8aea44266

Microsoft PowerPoint Viewer:

https://www.microsoft.com/downloads/details.aspx?familyid=c03f20f4-2198-4b0f-ab94-4b69ea489637

[On November 15, 2016, Microsoft issued a fix for Office for Mac 2011 and Office 2016 for Mac.]

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-133

Vendor URL:  technet.microsoft.com/library/security/ms16-133
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 9 2016 (Microsoft Issues Fix for Microsoft SharePoint) Microsoft Office Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information from Memory, and Cause Denial of Service Conditions
Microsoft has issued a fix for Microsoft SharePoint Server 2010 and 2013.



Copyright 2019, SecurityGlobal.net LLC