MS16-054 Security Update for Microsoft Office
2016-05-10 This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Microsoft Office Memory Corruption Vulnerability
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2016-0126 - Microsoft Office Memory Corruption Vulnerability
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2016-0140 - Microsoft Office Graphics RCE Vulnerability
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2016-0183 - Microsoft Office Memory Corruption Vulnerability
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2016-0198
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
70.05%
Published
2016-05-11
Updated
2018-10-30
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
70.05%
Published
2016-05-11
Updated
2018-10-12
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."
Max CVSS
9.3
EPSS Score
11.36%
Published
2016-05-11
Updated
2018-10-12
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
70.05%
Published
2016-05-11
Updated
2018-10-12