Multiple Microsoft Office Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.

An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.
Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-7298.
The security update addresses the vulnerabilities by correcting how Office handles objects in memory.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft Office Memory Corruption Vulnerability | CVE-2016-7263 | No | No
Microsoft Office Memory Corruption Vulnerability | CVE-2016-7277 | No | No
Microsoft Office Memory Corruption Vulnerability | CVE-2016-7289 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.

Uniscribe Remote Code Execution Vulnerability – CVE-2016-7274
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory.

An attacker who successfully exploited this vulnerability could take control of the affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit this vulnerability.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website.

An attacker would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.
In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.
The security update addresses this vulnerability by correcting how Windows Uniscribe handles objects in memory.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Uniscribe Remote Code Execution Vulnerability | CVE-2016-7274 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Microsoft Office OLE DLL Side Loading Vulnerability – CVE-2016-7275
A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading libraries.

An attacker who successfully exploited the vulnerability could take control of an affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.
The security update addresses the vulnerability by correcting how Microsoft Office validates input before loading libraries.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft Office OLE DLL Side Loading Vulnerability | CVE-2016-7275 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Microsoft Office Security Feature Bypass Vulnerability – CVE-2016-7267
A security feature bypass vulnerability exists in Microsoft Office software when the Office software improperly handles the parsing of file formats.

The security feature bypass by itself does not allow arbitrary code execution. To run arbitrary code, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability.
Exploitation requires that an attacker convince a user to open a specially crafted file with an affected version of Microsoft Office software.
The security update addresses the vulnerability by correcting how Office software handles the parsing of file formats.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft Office Security Feature Bypass Vulnerability | CVE-2016-7267 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Microsoft Office Security Feature Bypass Vulnerability – CVE-2016-7262
A security feature bypass vulnerability exists when Microsoft Office improperly handles input.

An attacker who successfully exploited the vulnerability could execute arbitrary commands.
In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file and interact with the document by clicking on a specific cell.
The update addresses the vulnerability by correcting how Microsoft Office handles input.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft Office Security Feature Bypass Vulnerability | CVE-2016-7262 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Microsoft Office Security Feature Bypass Vulnerability – CVE-2016-7266
A security feature bypass vulnerability exists when Microsoft Office improperly checks registry settings when an attempt is made to run embedded content.

An attacker who successfully exploited the vulnerability could execute arbitrary commands.
In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to attempt to open the document multiple times.
The update addresses the vulnerability by correcting how Microsoft Office checks registry settings when a user attempts to open or execute embedded content.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft Office Security Feature Bypass Vulnerability | CVE-2016-7266 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

GDI Information Disclosure Vulnerability – CVE-2016-7257
An information disclosure vulnerability exists when Microsoft Office fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass.

An attacker who successfully exploited this vulnerability could cause an information disclosure to bypass the ASLR security feature that protects users from a broad class of vulnerabilities.
The security feature bypass itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.
To exploit this vulnerability, an attacker could convince a user to run a specially crafted application.

The security update addresses the vulnerability by correcting how Microsoft Office handles addresses in memory.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
GDI Information Disclosure Vulnerability | CVE-2016-7257 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Multiple Microsoft Office Information Disclosure Vulnerabilities
Multiple information disclosure vulnerabilities exist when affected Microsoft Office software reads out-of-bounds memory, which could disclose the contents of memory.

An attacker who successfully exploited the vulnerabilities could view out-of-bounds memory.
Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
The security update addresses the vulnerabilities by properly initializing affected variables.
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft Office Information Disclosure Vulnerability | CVE-2016-7264 | No | No
Microsoft Office Information Disclosure Vulnerability | CVE-2016-7265 | No | No
Microsoft Office Information Disclosure Vulnerability | CVE-2016-7268 | No | No
Microsoft Office Information Disclosure Vulnerability | CVE-2016-7276 | No | No
Microsoft Office Information Disclosure Vulnerability | CVE-2016-7290 | No | No
Microsoft Office Information Disclosure Vulnerability | CVE-2016-7291 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.

Microsoft (MAU) Office Elevation of Privilege Vulnerability – CVE-2016-7300
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them.

An attacker who already has the ability to execute code on a system and who successfully exploited the vulnerability could elevate privileges.

To exploit the vulnerability, the attacker could place a crafted executable in a specific location used by the update application to execute arbitrary code in a privileged context.
This update addresses the vulnerability by ensuring that the Microsoft AutoUpdate (MAU) for Mac properly validates packages prior to installing them.
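
The kind of validation described above, as an added example (not Microsoft's code and not the MAU fix itself): before a privileged updater runs a staged package, it refuses one whose staging directory or file could have been written by an unprivileged user, or whose SHA-256 does not match a value taken from a trusted manifest. The function name, the trusted-uid list and the digest-manifest model are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import stat

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def _check_owner_and_mode(st, trusted_uids, what):
    """Return the problems found in one stat result."""
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append(f"{what} is owned by untrusted uid {st.st_uid}")
    if st.st_mode & WRITABLE_BY_OTHERS:
        problems.append(f"{what} is group- or world-writable")
    return problems


def validate_staged_package(path, expected_sha256, trusted_uids=(0,)):
    """Return reasons to refuse the package; an empty list means accept.

    Hypothetical helper: expected_sha256 is assumed to come from a manifest
    that was itself authenticated (for example, signed by the vendor).
    """
    problems = []
    parent = os.path.dirname(os.path.abspath(path))
    parent_st = os.lstat(parent)  # lstat: a symlinked staging dir is rejected
    if not stat.S_ISDIR(parent_st.st_mode):
        return ["staging directory is not a real directory"]
    problems += _check_owner_and_mode(parent_st, trusted_uids, "staging directory")

    try:
        # O_NOFOLLOW: never follow a symlink planted in place of the package.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        return problems + [f"cannot open package safely: {exc.strerror}"]
    with os.fdopen(fd, "rb") as handle:
        # fstat and hash the same open descriptor, so the file that is
        # checked is the file that is read (no check-then-use gap).
        st = os.fstat(handle.fileno())
        if not stat.S_ISREG(st.st_mode):
            return problems + ["package is not a regular file"]
        problems += _check_owner_and_mode(st, trusted_uids, "package")
        digest = hashlib.sha256()
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    if not hmac.compare_digest(digest.hexdigest(), expected_sha256.lower()):
        problems.append("package digest does not match the expected value")
    return problems
```

A caller that goes on to install the package should install from the bytes it hashed (or from a private copy made through the same descriptor) rather than reopening the path.
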
The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title | CVE number | Publicly disclosed | Exploited
Microsoft (MAU) Office Elevation of Privilege Vulnerability | CVE-2016-7300 | No | No

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.
