Detections
Analytics

MS16-099: Security Update for Microsoft Office (3177451)

high Nessus Plugin ID 92839

Language:

Synopsis

An application installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

 - Multiple memory corruption issues exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these issues, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-3313, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318)

 - An information disclosure vulnerability exists in Microsoft OneNote due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted OneNote file, to disclose sensitive memory contents.
 (CVE-2016-3315)

Solution

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft OneNote 2007, 2010, 2013, 2013 RT, and 2016;
Microsoft Outlook 2007, 2010, 2013, and 2016; and Word Viewer.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-099

Plugin Details

Severity: High

ID: 92839

File Name: smb_nt_ms16-099.nasl

Version: 1.10

Type: local

Agent: windows

Published: 8/10/2016

Updated: 2/17/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-3318

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:word, cpe:/a:microsoft:onenote, cpe:/a:microsoft:word_viewer, cpe:/a:microsoft:outlook

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/9/2016

Vulnerability Publication Date: 8/9/2016

Reference Information

CVE: CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318

BID: 92289, 92294, 92300, 92303, 92308