13 Sep 2016
CVE-2016-3360 Vulnerability
Publié par . Publié dans Memory corruption
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." (CVSS:0.0) (Last Update:2016-09-14)
Vulnerability Details : Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." Publish Date : 2016-09-14 Last Update Date : 2016-09-14 - CVSS Scores & Vulnerability Types CVSS Score | 0.0 | Confidentiality Impact | ??? | Integrity Impact | ??? | Availability Impact | ??? | Access Complexity | ??? | Authentication | ??? | Gained Access | None | Vulnerability Type(s) | Execute CodeMemory corruption | CWE ID | CWE id is not defined for this vulnerability | | | - Products Affected By CVE-2016-3360 # | Product Type | Vendor | Product | Version | Update | Edition | Language | | No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. | - References For CVE-2016-3360 http://technet.microsoft.com/en-us/security/bulletin/ms16-107 Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
- Microsoft APP-V ASLR Bypass
- Microsoft Information Disclosure Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory Corruption Vulnerability
- Microsoft Office Memory CoRelease Date:2016-08-09
| | |
- Metasploit Modules Related To CVE-2016-3360There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
| |