JSON View XML View

Key Value
MTID M113466
Title (MS16-099) Microsoft Office Memory Corruption Remote Code Execution I (3177451)
Description A vulnerability in some versions of Microsoft Office could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Office could lead to remote code execution.

The flaw occurs when the Office software fails to properly handle objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-099

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-107
- Microsoft Office 2010 32-Bit Edition: KB3118309
- Microsoft Office 2010 64-Bit Edition: KB3118309
- Microsoft Office 2013 32-Bit Edition: KB3118268
- Microsoft Office 2013 64-Bit Edition: KB3118268
- Microsoft Office 2016 32-Bit Edition: KB3118292
- Microsoft Office 2016 64-Bit Edition: KB3118292
- Microsoft Office Outlook 2007: KB3118303
- Microsoft Outlook 2010 32-Bit Edition: KB3118313
- Microsoft Outlook 2010 64-Bit Edition: KB3118313
- Microsoft Outlook 2013 32-Bit Edition: KB3118280
- Microsoft Outlook 2013 64-Bit Edition: KB3118280
- Microsoft Outlook 2016 32-Bit Edition: KB3118293
- Microsoft Outlook 2016 64-Bit Edition: KB3118293

The patches for the following products are superseded by patches provided in: MS16-133
- Microsoft Office 2010 32-Bit Edition: KB3127951
- Microsoft Office 2010 64-Bit Edition: KB3127951
- Microsoft Word 2010 32-Bit Edition: KB3127953
- Microsoft Word 2010 64-Bit Edition: KB3127953
- Microsoft Word 2013 32-Bit Edition: KB3127932
- Microsoft Word 2013 64-Bit Edition: KB3127932

The patches for the following products are superseded by patches provided in: MS16-121
- Microsoft Word 2016 32-Bit Edition: KB3118331
- Microsoft Word 2016 64-Bit Edition: KB3118331

https://technet.microsoft.com/library/security/MS16-107
https://technet.microsoft.com/library/security/MS16-133
https://technet.microsoft.com/library/security/MS16-121

Vendor Microsoft
Attack Vector Website or e-mail with malicious content
Importance 5
Impact 10.00084536000
Threat Score 9.33
Labels
Patch Tuesday
References
CVECVE-2016-3313
MSFTBulletinMS16-099
MSFTQNumber3177451
DISA IAVA2016-A-0203
MTIDM113466
CPEs
cpe:/a:microsoft:word:2007:sp3
cpe:/a:microsoft:office:2010:sp2:x64
cpe:/a:microsoft:office:2010:sp2:x86
cpe:/a:microsoft:office:2013:sp1:x86
cpe:/a:microsoft:office:2013:sp1:x64
cpe:/a:microsoft:office:2013:rt:sp1
cpe:/a:microsoft:office:2016
cpe:/a:microsoft:office:2016::x64
Created At 2016-08-09 00:00:00 UTC
Updated At 2016-11-19 10:30:59 UTC

Back