13 Sep 2016
CVE-2016-3357 Vulnerability
Publié par . Publié dans Memory corruption
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." (CVSS:0.0) (Last Update:2016-09-14)
Vulnerability Details : Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." Publish Date : 2016-09-14 Last Update Date : 2016-09-14 - CVSS Scores & Vulnerability Types CVSS Score | 0.0 | Confidentiality Impact | ??? | Integrity Impact | ??? | Availability Impact | ??? | Access Complexity | ??? | Authentication | ??? | Gained Access | None | Vulnerability Type(s) | Execute CodeMemory corruption | CWE ID | CWE id is not defined for this vulnerability | | | - Products Affected By CVE-2016-3357 # | Product Type | Vendor | Product | Version | Update | Edition | Language | | No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. | - References For CVE-2016-3357 http://technet.microsoft.com/en-us/security/bulletin/ms16-107 Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
- Microsoft APP-V ASLR Bypass
- Microsoft Information Disclosure Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory CoRelease Date:2016-08-09
| | |
- Metasploit Modules Related To CVE-2016-3357There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
| |