The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Office Access

vulnerability CVE-2016-7257 CVE-2016-7262 CVE-2016-7263

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 14/12/2016.
Identifiers: 3204068, CERTFR-2016-AVI-415, CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7274, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298-ERROR, CVE-2016-7300, MS16-148, VIGILANCE-VUL-21370.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7263]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7277]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7289]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21368). [severity:4/4; CVE-2016-7274, CVE-2016-7298-ERROR]

An attacker can use a vulnerability via OLE DLL, in order to run code. [severity:3/4; CVE-2016-7275]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7267]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7262]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7266]

An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-7257]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7264]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7265]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7268]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7276]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7290]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7291]

An attacker can bypass security features via MAU, in order to escalate his privileges. [severity:2/4; CVE-2016-7300]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-7213 CVE-2016-7228 CVE-2016-7229

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 09/11/2016.
Identifiers: 3199168, CERTFR-2016-AVI-375, CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245, MS16-133, VIGILANCE-VUL-21073.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7233]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7213]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7228]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7229]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7230]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7231]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7232]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7235]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7236]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7245]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2016-7244]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.

Description of the vulnerability

The Microsoft Office product can open documents in RTF format.

However, a malicious document corrupts the Microsoft Office memory.

An attacker can therefore generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-3209 CVE-2016-3262 CVE-2016-3263

Windows, .NET, Office, Skype, Lync, Silverlight: seven vulnerabilities via Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Silverlight, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2016.
Identifiers: 3192884, 825, 829, 864, 868, CERTFR-2016-AVI-340, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, MS16-120, VIGILANCE-VUL-20829.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3393]

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3396]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3209]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3262]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3263]

An attacker can bypass security features via True Type Font, in order to escalate his privileges. [severity:2/4; CVE-2016-7182]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3270]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-0137 CVE-2016-0141 CVE-2016-3357

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 13/09/2016.
Revision date: 21/09/2016.
Identifiers: 3185852, CERTFR-2016-AVI-309, CVE-2016-0137, CVE-2016-0141, CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3366, CVE-2016-3381, MS16-107, VIGILANCE-VUL-20592, ZDI-16-508.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Click-to-Run, in order to obtain sensitive information. [severity:1/4; CVE-2016-0137]

An attacker can bypass security features via Visual Basic Macros, in order to obtain sensitive information. [severity:2/4; CVE-2016-0141]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3357]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3358]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3359]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3360]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3361]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3362]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3363]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3364]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3365, ZDI-16-508]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3381]

An attacker can alter displayed information, in order to deceive the victim. [severity:2/4; CVE-2016-3366]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-3313 CVE-2016-3315 CVE-2016-3316

Microsoft Office: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/08/2016.
Identifiers: 3177451, CERTFR-2016-AVI-270, COSIG-2016-31, COSIG-2016-32, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, MS16-099, VIGILANCE-VUL-20349, ZDI-16-451.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Microsoft OneNote, in order to obtain sensitive information. [severity:2/4; CVE-2016-3315]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3313]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3316]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3317]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3318, ZDI-16-451]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-3278 CVE-2016-3279 CVE-2016-3280

Microsoft Office: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/07/2016.
Identifiers: 3170008, CERTFR-2016-AVI-231, CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284, MS16-088, VIGILANCE-VUL-20084.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3284]

An attacker can use a vulnerability via an XLA file, in order to run code. [severity:3/4; CVE-2016-3279]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-0126 CVE-2016-0140 CVE-2016-0183

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/05/2016.
Identifiers: 3155544, CVE-2016-0126, CVE-2016-0140, CVE-2016-0183, CVE-2016-0198, MS16-054, VIGILANCE-VUL-19578.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0126]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0140]

An attacker can use a vulnerability in Microsoft Office Graphics, in order to run code. [severity:3/4; CVE-2016-0183]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0198]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-0143 CVE-2016-0145 CVE-2016-0165

Windows, .NET, Office, Skype, Lync: four vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphics Component of Windows, .NET, Office, Skype, Lync.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148522, 684, 707, CERTFR-2016-AVI-122, CERTFR-2016-AVI-123, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, MS16-039, VIGILANCE-VUL-19354.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync.

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0145]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0165]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0167]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-0022 CVE-2016-0039 CVE-2016-0052

Microsoft Office, SharePoint: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office, SharePoint.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 09/02/2016.
Identifiers: 3134226, CERTFR-2016-AVI-057, CVE-2016-0022, CVE-2016-0039, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2016-0056, MS16-015, VIGILANCE-VUL-18905.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office, SharePoint.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0022]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0052]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0053]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0054]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0055]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0056]

An attacker can trigger a Cross Site Scripting in Microsoft SharePoint, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0039]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Office Access: