94769

1037441

MS16-148

The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

  - An arbitrary command execution vulnerability exists in     Microsoft Office due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this by convincing a user to open a     specially crafted Office file, resulting in a bypass of     security restrictions and the execution of arbitrary     commands. (CVE-2016-7262)

  - Multiple remote code execution vulnerabilities exist in     Microsoft Office software due to a failure to properly     handle objects in memory. An unauthenticated, remote     attacker can exploit these vulnerabilities by convincing     a user to open a specially crafted Office file,     resulting in the execution of arbitrary code in the     context of the current user. (CVE-2016-7263,     CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)

  - Multiple information disclosure vulnerabilities exist in     Microsoft Office software due to an out-of-bounds memory     read error. An unauthenticated, remote attacker can     exploit these vulnerabilities by convincing a user to     open a specially crafted Office file, resulting in the     disclosure of memory contents. (CVE-2016-7264,     CVE-2016-7265, CVE-2016-7268, CVE-2016-7276,     CVE-2016-7290, CVE-2016-7291)

  - An arbitrary command execution vulnerability exists in     Microsoft Office due to improper validation of registry     settings when running embedded content. An     unauthenticated, remote attacker can exploit this by     convincing a user to open a specially crafted document     file multiple times, resulting in a bypass of security     restrictions and the execution of arbitrary commands.
    (CVE-2016-7266)

  - A security bypass vulnerability exists in Microsoft     Office due to improper parsing of file formats. An     unauthenticated, remote attacker can exploit this by     convincing a user to open a specially crafted Office     file, resulting in a bypass security restrictions.
    (CVE-2016-7267)

  - An elevation of privilege vulnerability exists in     Microsoft Office due to improper validation before     loading libraries. A local attacker can exploit this,     via a specially crafted application, to gain elevated     privileges. (CVE-2016-7275)

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     Graphics Device Interface (GDI) component due to     improper handling of objects in memory. A local attacker     can exploit this, via a specially crafted application,     to circumvent the Address Space Layout Randomization     (ASLR) feature and disclose sensitive memory     information. (CVE-2016-7257)

  - Multiple remote code execution vulnerabilities exist in     Microsoft Office software due to a failure to properly     handle objects in memory. An unauthenticated, remote     attacker can exploit these vulnerabilities by convincing     a user to open a specially crafted Office file,     resulting in the execution of arbitrary code in the     context of the current user. (CVE-2016-7263,     CVE-2016-7298)

  - Multiple information disclosure vulnerabilities exist in     Microsoft Office software due to an out-of-bounds memory     read error. An unauthenticated, remote attacker can     exploit these vulnerabilities by convincing a user to     open a specially crafted Office file, resulting in the     disclosure of memory contents. (CVE-2016-7264,     CVE-2016-7268, CVE-2016-7276, CVE-2016-7290,     CVE-2016-7291)

  - An arbitrary command execution vulnerability exists in     Microsoft Office due to improper validation of registry     settings when running embedded content. An     unauthenticated, remote attacker can exploit this by     convincing a user to open a specially crafted document     file multiple times, resulting in a bypass of security     restrictions and the execution of arbitrary commands.
    (CVE-2016-7266)

  - An elevation of privilege vulnerability exists in the     Microsoft AutoUpdate (MAU) application due to improper     validation of updates. A local attacker can exploit this     by placing a specially crafted application in a location     used by the update application, resulting in the ability     to execute arbitrary code in a privileged context.
    (CVE-2016-7300)

ID	Name	Product	Family	Severity
95811	MS16-148: Security Update for Microsoft Office (3204068)	Nessus	Windows : Microsoft Bulletins	high
95810	MS16-148: Security Update for Microsoft Office (3204068) (macOS)	Nessus	MacOS X Local Security Checks	high

CVE-2016-7264

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high