CVE-2016-3313 Microsoft Office Remote Code Execution Vulnerabilities (MS16-099)漏洞银行丨0day Bank

2016年8月10日 2597点热度 0人点赞 0条评论

漏洞信息

- Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

- An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents.

Microsoft has released a security update that addresses the vulnerabilities by correcting how:
- Office handles objects in memory
- Certain functions handle objects in memory
- Windows validates input before loading libraries

漏洞危害

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

解决方案

Refer to MS16-099 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-099: Microsoft Office 2007 Service Pack 3

MS16-099: Microsoft OneNote 2007 Service Pack 3

MS16-099: Microsoft Word 2007 Service Pack 3

MS16-099: Microsoft Office 2010 Service Pack 2 (32-bit editions)

MS16-099: Microsoft Office 2010 Service Pack 2 (64-bit editions)

MS16-099: Microsoft Office 2010 Service Pack 2 (32-bit editions)

MS16-099: Microsoft Office 2010 Service Pack 2 (64-bit editions)

MS16-099: Microsoft Office 2010 Service Pack 2 (32-bit editions)

MS16-099: Microsoft Office 2010 Service Pack 2 (64-bit editions)