CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.0%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Below is a complete list of vulnerabilities
Technical details
To mitigate vulnerability (2) user can prevent Office from opening RTF documents from unknown or untrusted sources or prevent Word from loading RTF documents. For further instructions take a look at original advisory listed below.
CVE-2016-0183 critical
CVE-2016-0126 critical
CVE-2016-0140 critical
CVE-2016-0198 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/2984938
support.microsoft.com/kb/2984943
support.microsoft.com/kb/3054984
support.microsoft.com/kb/3101520
support.microsoft.com/kb/3114893
support.microsoft.com/kb/3115016
support.microsoft.com/kb/3115025
support.microsoft.com/kb/3115094
support.microsoft.com/kb/3115103
support.microsoft.com/kb/3115115
support.microsoft.com/kb/3115116
support.microsoft.com/kb/3115117
support.microsoft.com/kb/3115121
support.microsoft.com/kb/3115123
support.microsoft.com/kb/3115124
support.microsoft.com/kb/3115132
support.microsoft.com/kb/3115464
support.microsoft.com/kb/3115465
support.microsoft.com/kb/3115479
support.microsoft.com/kb/3115480
support.microsoft.com/kb/3155776
support.microsoft.com/kb/3155777
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0126
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0140
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0183
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0198
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Office/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.0%