2016-05-10 This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2016-0126
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2016-0140
Microsoft Office Graphics RCE Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2016-0183
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
CVE-2016-0198

Bulletin details at Microsoft.com

Related CVE Entries

Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
70.05%
Published
2016-05-11
Updated
2018-10-30
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
70.05%
Published
2016-05-11
Updated
2018-10-12
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."
Max CVSS
9.3
EPSS Score
11.36%
Published
2016-05-11
Updated
2018-10-12
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
70.05%
Published
2016-05-11
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!