Lucene search

Kaspersky LabKLA10884

HistoryOct 11, 2016 - 12:00 a.m.

KLA10884 Code execution vulnerability in Microsoft Office

2016-10-1100:00:00

Kaspersky Lab

threats.kaspersky.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.746 High

EPSS

Percentile

98.2%

JSON

An improper RTF handling was found in Microsoft Office. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed file.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Office

CVE list

CVE-2016-3263 warning

CVE-2016-3209 warning

CVE-2016-3262 warning

CVE-2016-7182 critical

CVE-2016-3396 critical

CVE-2016-7193 critical

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

Microsoft Word 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Word 2013 Service Pack 1Microsoft Office 2013 RT Service Pack 1Microsoft Word 2016Microsoft Word for Mac 2011Microsoft Word 2016 for MacMicrosoft Office Compatibility Pack Service Pack 3Microsoft Word ViewerSharePoint Server 2010 Service Pack 2SharePoint Server 2013 Service Pack 1Microsoft Office Web Apps 2010 Service Pack 2Microsoft Office Web Apps 2013 Service Pack 1Office Online Server