JSON View XML View

Key Value
MTID M114445
Title (MS16-107) Microsoft Office Memory Corruption Remote Code Execution VIII (3185852)
Description A vulnerability in some versions of Microsoft Office could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Office could lead to remote code execution.

The flaw lies in a memory corruption error. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-107

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-133
- Microsoft Excel 2010 32-Bit Edition: KB3118390
- Microsoft Excel 2010 64-Bit Edition: KB3118390
- Microsoft Excel 2013 32-Bit Edition: KB3127921
- Microsoft Excel 2013 64-Bit Edition: KB3127921
- Microsoft Excel 2016 32-Bit Edition: KB3127904
- Microsoft Excel 2016 64-Bit Edition: KB3127904
- Microsoft Office 2007 suites: KB3118396
- Microsoft Office Compatibility Pack Service Pack 3: KB3127889
- Microsoft Office Excel 2007: KB3118395
- Microsoft Office Excel Viewer 2007: KB3127893
- Microsoft Office Web Apps Server 2013 farm-deployment: KB3127929
- Microsoft PowerPoint 2010 32-Bit Edition: KB3118378
- Microsoft PowerPoint 2010 64-Bit Edition: KB3118378
- Microsoft PowerPoint Viewer 2010 32-Bit Edition: KB3118382
- Microsoft SharePoint Enterprise Server 2013 farm-deployment: KB3127927
- Microsoft SharePoint Server 2010 farm-deployment: KB3118381
- Microsoft SharePoint Server 2010 farm-deployment: KB3127950
- Microsoft Web Applications farm-deployment: KB3127954

The patches for the following products are superseded by patches provided in: MS16-121
- Microsoft Office Online Server farm-deployment: KB3127897

https://technet.microsoft.com/library/security/MS16-133
https://technet.microsoft.com/library/security/MS16-121

Vendor Microsoft
Attack Vector Website or e-mail with malicious content
Importance 5
Impact 10.00084536000
Threat Score 9.33
Labels
Patch Tuesday
References
CVECVE-2016-3364
MSFTBulletinMS16-107
MSFTQNumber3185852
DISA IAVA2016-A-0243
MTIDM114445
CPEs
cpe:/a:microsoft:office:2016
cpe:/a:microsoft:office:2016::x64
Created At 2016-09-13 00:00:00 UTC
Updated At 2016-11-19 10:32:32 UTC

Back