MS16-148: Security Update for Microsoft Office (3204068)

High Nessus Plugin ID 95811

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass of security restrictions and the execution of arbitrary commands. (CVE-2016-7262)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7265, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- A security bypass vulnerability exists in Microsoft Office due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass security restrictions.
(CVE-2016-7267)

- An elevation of privilege vulnerability exists in Microsoft Office due to improper validation before loading libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2016-7275)

Solution

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010; Microsoft Publisher 2010 Office Compatibility Pack; Excel Viewer; Word Viewer; Microsoft SharePoint Server 2007 and 2010; and Office Web Apps 2010.

See Also

https://technet.microsoft.com/library/security/MS16-148

Plugin Details

Severity: High

ID: 95811

File Name: smb_nt_ms16-148.nasl

Version: 1.6

Type: local

Agent: windows

Published: 2016/12/14

Updated: 2019/11/13

Dependencies: 74250, 57033, 13855, 27524, 84669

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2016-7298

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:excel, cpe:/a:microsoft:excel_viewer, cpe:/a:microsoft:word, cpe:/a:microsoft:word_viewer, cpe:/a:microsoft:publisher, cpe:/a:microsoft:office_compatibility_pack, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:sharepoint_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/12/13

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298

BID: 94662, 94664, 94665, 94668, 94670, 94671, 94672, 94715, 94718, 94720, 94721, 94769