MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Word, Word
Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual
Basic, or Microsoft Office Compatibility Pack installed that is
affected by multiple vulnerabilities :

- Multiple cross-site scripting vulnerabilities exist in
Microsoft SharePoint due to improper enforcement of
Access Control Policy (ACP) configuration settings. A
remote attacker can exploit these vulnerabilities, via a
specially crafted request, to execute arbitrary script
code in a user's browser session. (CVE-2015-6117,
CVE-2016-0011)

- Multiple remote code execution vulnerabilities exist in
Microsoft Office due to improper handling of objects in
memory. An attacker can exploit these vulnerabilities by
convincing a user to open a specially crafted file in
Microsoft Office, resulting in execution of arbitrary
code in the context of the current user. (CVE-2016-0010,
CVE-2016-0035)

- An information disclosure vulnerability exists in
Microsoft Office due to a failure to use the Address
Space Layout Randomization (ASLR) security feature. An
attacker can exploit this to predict memory offsets of
specific instructions in a call stack. (CVE-2016-0012)

See also :

https://technet.microsoft.com/library/security/ms16-004

Solution :

Microsoft has released a set of patches for Office 2007, 2010, 2013,
2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, PowerPoint,
Visio, SharePoint Server 2013, SharePoint Foundation 2013, Microsoft
Office Compatibility Pack, and Visual Basic 6.0 Runtime.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 87882

Bugtraq ID: 80028, 80029, 80030, 80031, 80032

CVE ID: CVE-2015-6117, CVE-2016-0010, CVE-2016-0011, CVE-2016-0012, CVE-2016-0035
