CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS16-107 | Security Update for Microsoft Office (3185852) | Microsoft Office | Critical | 14-09-2016 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that the Click-to-Run (C2R) components handle objects in memory, which could lead to an Address Space Layout Randomization (ASLR) bypass.
An attacker who successfully exploited the information disclosure vulnerability could use the obtained information to bypass the ASLR security mechanism in Windows, which helps protect users from a broad class of vulnerabilities. The ASLR bypass by itself does not allow arbitrary code execution; however, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could leverage the ASLR bypass to run arbitrary code.
Microsoft Office 2007An attacker who successfully exploited the information disclosure vulnerability could use the obtained information to bypass the ASLR security mechanism in Windows, which helps protect users from a broad class of vulnerabilities. The ASLR bypass by itself does not allow arbitrary code execution; however, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could leverage the ASLR bypass to run arbitrary code.
Further information on this exploit is available at : MS16-107
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Affected Software
Microsoft Office 2007Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac