MS16-148: Security Update for Microsoft Office (3204068) (macOS)
High Nessus Plugin ID 95810
SynopsisAn application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.
DescriptionThe Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-7257)
- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7298)
- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)
- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
- An elevation of privilege vulnerability exists in the Microsoft AutoUpdate (MAU) application due to improper validation of updates. A local attacker can exploit this by placing a specially crafted application in a location used by the update application, resulting in the ability to execute arbitrary code in a privileged context.
SolutionMicrosoft has released a set of patches for Microsoft Office for Mac 2011, Microsoft Office 2016 for Mac, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, Microsoft Word for Mac 2011, Microsoft Word 2016 for Mac, and Microsoft Auto Updater for Mac.