MS16-148: Security Update for Microsoft Office (3204068)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The Microsoft Office application or Microsoft Office Services and Web
Apps installed on the remote Windows host is missing a security
update. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary command execution vulnerability exists in
Microsoft Office due to improper validation of
user-supplied input. An unauthenticated, remote attacker
can exploit this by convincing a user to open a
specially crafted Office file, resulting in a bypass of
security restrictions and the execution of arbitrary
commands. (CVE-2016-7262)

- Multiple remote code execution vulnerabilities exist in
Microsoft Office software due to a failure to properly
handle objects in memory. An unauthenticated, remote
attacker can exploit these vulnerabilities by convincing
a user to open a specially crafted Office file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2016-7263,
CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in
Microsoft Office software due to an out-of-bounds memory
read error. An unauthenticated, remote attacker can
exploit these vulnerabilities by convincing a user to
open a specially crafted Office file, resulting in the
disclosure of memory contents. (CVE-2016-7264,
CVE-2016-7265, CVE-2016-7268, CVE-2016-7276,
CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in
Microsoft Office due to improper validation of registry
settings when running embedded content. An
unauthenticated, remote attacker can exploit this by
convincing a user to open a specially crafted document
file multiple times, resulting in a bypass of security
restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- A security bypass vulnerability exists in Microsoft
Office due to improper parsing of file formats. An
unauthenticated, remote attacker can exploit this by
convincing a user to open a specially crafted Office
file, resulting in a bypass security restrictions.
(CVE-2016-7267)

- An elevation of privilege vulnerability exists in
Microsoft Office due to improper validation before
loading libraries. A local attacker can exploit this,
via a specially crafted application, to gain elevated
privileges. (CVE-2016-7275)

See also :

https://technet.microsoft.com/library/security/MS16-148

Solution :

Microsoft has released a set of patches for Microsoft Office 2007,
2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013,
2013 RT, and 2016; Microsoft Word 2007, 2010; Microsoft Publisher 2010
Office Compatibility Pack; Excel Viewer; Word Viewer; Microsoft
SharePoint Server 2007 and 2010; and Office Web Apps 2010.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now