MS16-088: Security Update for Microsoft Office (3170008)

high Nessus Plugin ID 92019

Language:

Synopsis

An application installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-3278, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284)

- A remote code execution vulnerability exists in Microsoft Office software due to improper handling of XLA files. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted XLA file in Office, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-3279)

Solution

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016;
Microsoft Outlook 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010, 2013, and 2013 RT; Excel Viewer; Word Viewer; Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013; Microsoft SharePoint Server 2010, 2013 and 2016; Microsoft SharePoint Foundation 2010 and 2013; and Office Online Server.

Plugin Details

Severity: High

ID: 92019

File Name: smb_nt_ms16-088.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows : Microsoft Bulletins

Published: 7/12/2016

Updated: 2/17/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:word, cpe:/a:microsoft:excel, cpe:/a:microsoft:word_viewer, cpe:/a:microsoft:excel_viewer, cpe:/a:microsoft:powerpoint, cpe:/a:microsoft:outlook, cpe:/a:microsoft:office_compatibility_pack, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_foundation, cpe:/a:microsoft:office_online_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 7/12/2016

Vulnerability Publication Date: 7/12/2016

Reference Information

CVE: CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284

BID: 91574, 91582, 91587, 91588, 91589, 91592

IAVA: 2016-A-0176-S

MSFT: MS16-088

MSKB: 3114890, 3115114, 3115118, 3115246, 3115254, 3115259, 3115262, 3115272, 3115279, 3115285, 3115289, 3115292, 3115294, 3115299, 3115301, 3115306, 3115308, 3115309, 3115311, 3115312, 3115315, 3115317, 3115318, 3115322, 3115386, 3115393, 3115395

Detections

Analytics