CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.0%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.
Below is a complete list of vulnerabilities
Technical details
To mitigate these vulnerabilities you can disable OLE package function in Outlook. For further instructions take a look at MS16-029 advisory.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2016-0021 critical
CVE-2016-0057 high
CVE-2016-0134 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
support.microsoft.com/kb/2880510
support.microsoft.com/kb/2956063
support.microsoft.com/kb/2956110
support.microsoft.com/kb/3039746
support.microsoft.com/kb/3114414
support.microsoft.com/kb/3114426
support.microsoft.com/kb/3114690
support.microsoft.com/kb/3114812
support.microsoft.com/kb/3114814
support.microsoft.com/kb/3114821
support.microsoft.com/kb/3114824
support.microsoft.com/kb/3114829
support.microsoft.com/kb/3114833
support.microsoft.com/kb/3114855
support.microsoft.com/kb/3114861
support.microsoft.com/kb/3114866
support.microsoft.com/kb/3114873
support.microsoft.com/kb/3114878
support.microsoft.com/kb/3114880
support.microsoft.com/kb/3114883
support.microsoft.com/kb/3114900
support.microsoft.com/kb/3114901
support.microsoft.com/kb/3138327
support.microsoft.com/kb/3138328
support.microsoft.com/kb/3141806
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0021
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0057
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0134
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Office/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.0%