JSON View XML View

Key Value
MTID M114565
Title (MS16-107) Microsoft Office Certificate Export Information Disclosure (3185852)
Description A vulnerability in some versions of Microsoft Office could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Office could lead to information disclosure.

The flaw lies in the export of user certificates when the files are saved. Successful exploitation could allow an attacker to obtain sensitive information. The exploit requires the user to open a malicious file.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-107

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-133
- Microsoft Excel 2010 32-Bit Edition: KB3118390
- Microsoft Excel 2010 64-Bit Edition: KB3118390
- Microsoft Excel 2013 32-Bit Edition: KB3127921
- Microsoft Excel 2013 64-Bit Edition: KB3127921
- Microsoft Excel 2016 32-Bit Edition: KB3127904
- Microsoft Excel 2016 64-Bit Edition: KB3127904
- Microsoft Office 2007 suites: KB3118396
- Microsoft Office Compatibility Pack Service Pack 3: KB3127889
- Microsoft Office Excel 2007: KB3118395
- Microsoft Office Excel Viewer 2007: KB3127893
- Microsoft Office Web Apps Server 2013 farm-deployment: KB3127929
- Microsoft PowerPoint 2010 32-Bit Edition: KB3118378
- Microsoft PowerPoint 2010 64-Bit Edition: KB3118378
- Microsoft PowerPoint Viewer 2010 32-Bit Edition: KB3118382
- Microsoft SharePoint Enterprise Server 2013 farm-deployment: KB3127927
- Microsoft SharePoint Server 2010 farm-deployment: KB3118381
- Microsoft SharePoint Server 2010 farm-deployment: KB3127950
- Microsoft Web Applications farm-deployment: KB3127954

The patches for the following products are superseded by patches provided in: MS16-121
- Microsoft Office Online Server farm-deployment: KB3127897

https://technet.microsoft.com/library/security/MS16-133
https://technet.microsoft.com/library/security/MS16-121

Vendor Microsoft
Attack Vector Maliciously Crafted File
Importance 5
Impact 2.8627500
Threat Score 4.3
Labels
Patch Tuesday
References
CVECVE-2016-0141
MSFTBulletinMS16-107
MSFTQNumber3185852
DISA IAVA2016-A-0243
MTIDM114565
CPEs
cpe:/a:microsoft:office:2007:sp3
cpe:/a:microsoft:office:2010:sp2:x64
cpe:/a:microsoft:office:2010:sp2
cpe:/a:microsoft:office:2013:sp1:x64
cpe:/a:microsoft:office:2013:sp1
cpe:/a:microsoft:office:2016
cpe:/a:microsoft:office:2016::x64
Created At 2016-09-13 00:00:00 UTC
Updated At 2016-11-19 10:32:25 UTC

Back