JSON View XML View

Key Value
MTID M114556
Title (MS16-107) Microsoft Office Memory Corruption Remote Code Execution X (3185852)
Description A vulnerability in some versions of Microsoft Office could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Office could lead to remote code execution.

The flaw lies in a memory corruption error. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-107

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-133
- Microsoft Excel 2010 32-Bit Edition: KB3118390
- Microsoft Excel 2010 64-Bit Edition: KB3118390
- Microsoft Excel 2013 32-Bit Edition: KB3127921
- Microsoft Excel 2013 64-Bit Edition: KB3127921
- Microsoft Excel 2016 32-Bit Edition: KB3127904
- Microsoft Excel 2016 64-Bit Edition: KB3127904
- Microsoft Office 2007 suites: KB3118396
- Microsoft Office Compatibility Pack Service Pack 3: KB3127889
- Microsoft Office Excel 2007: KB3118395
- Microsoft Office Excel Viewer 2007: KB3127893
- Microsoft Office Web Apps Server 2013 farm-deployment: KB3127929
- Microsoft PowerPoint 2010 32-Bit Edition: KB3118378
- Microsoft PowerPoint 2010 64-Bit Edition: KB3118378
- Microsoft PowerPoint Viewer 2010 32-Bit Edition: KB3118382
- Microsoft SharePoint Enterprise Server 2013 farm-deployment: KB3127927
- Microsoft SharePoint Server 2010 farm-deployment: KB3118381
- Microsoft SharePoint Server 2010 farm-deployment: KB3127950
- Microsoft Web Applications farm-deployment: KB3127954

The patches for the following products are superseded by patches provided in: MS16-121
- Microsoft Office Online Server farm-deployment: KB3127897

https://technet.microsoft.com/library/security/MS16-133
https://technet.microsoft.com/library/security/MS16-121

Vendor Microsoft
Attack Vector Website or e-mail with malicious content
Importance 5
Impact 10.00084536000
Threat Score 9.33
Labels
Patch Tuesday
References
CVECVE-2016-3381
MSFTBulletinMS16-107
MSFTQNumber3185852
DISA IAVA2016-A-0243
MTIDM114556
CPEs
cpe:/a:microsoft:excel_viewer
cpe:/a:microsoft:office:2007:sp3
cpe:/a:microsoft:office:2010:sp2:x64
cpe:/a:microsoft:office:2010:sp2
cpe:/a:microsoft:office_compatibility_pack::sp3
cpe:/a:microsoft:office:2013:sp1:x64
cpe:/a:microsoft:office:2013:sp1
cpe:/a:microsoft:office:2016
cpe:/a:microsoft:office:2016::x64
Created At 2016-09-13 00:00:00 UTC
Updated At 2016-11-19 10:32:26 UTC

Back