The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Office Excel

computer vulnerability note CVE-2016-3313 CVE-2016-3315 CVE-2016-3316

Microsoft Office: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/08/2016.
Identifiers: 3177451, CERTFR-2016-AVI-270, COSIG-2016-31, COSIG-2016-32, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, MS16-099, VIGILANCE-VUL-20349, ZDI-16-451.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Microsoft OneNote, in order to obtain sensitive information. [severity:2/4; CVE-2016-3315]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3313]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3316]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3317]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3318, ZDI-16-451]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-3278 CVE-2016-3279 CVE-2016-3280

Microsoft Office: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/07/2016.
Identifiers: 3170008, CERTFR-2016-AVI-231, CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284, MS16-088, VIGILANCE-VUL-20084.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3284]

An attacker can use a vulnerability via an XLA file, in order to run code. [severity:3/4; CVE-2016-3279]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-0025 CVE-2016-3233 CVE-2016-3234

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Excel, PowerPoint, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/06/2016.
Identifiers: 3163610, CERTFR-2016-AVI-205, CVE-2016-0025, CVE-2016-3233, CVE-2016-3234, CVE-2016-3235, MS16-070, VIGILANCE-VUL-19897.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0025]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3233]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:3/4; CVE-2016-3234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3235]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-0126 CVE-2016-0140 CVE-2016-0183

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/05/2016.
Identifiers: 3155544, CVE-2016-0126, CVE-2016-0140, CVE-2016-0183, CVE-2016-0198, MS16-054, VIGILANCE-VUL-19578.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0126]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0140]

An attacker can use a vulnerability in Microsoft Office Graphics, in order to run code. [severity:3/4; CVE-2016-0183]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0198]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-0122 CVE-2016-0127 CVE-2016-0136

Microsoft Office: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Excel, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148775, CERTFR-2016-AVI-123, CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139, MS16-042, VIGILANCE-VUL-19357.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0122]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0127]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0136]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0139]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-0143 CVE-2016-0145 CVE-2016-0165

Windows, .NET, Office, Skype, Lync: four vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphics Component of Windows, .NET, Office, Skype, Lync.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148522, 684, 707, CERTFR-2016-AVI-122, CERTFR-2016-AVI-123, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, MS16-039, VIGILANCE-VUL-19354.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync.

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0145]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0165]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0167]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-0022 CVE-2016-0039 CVE-2016-0052

Microsoft Office, SharePoint: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office, SharePoint.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 09/02/2016.
Identifiers: 3134226, CERTFR-2016-AVI-057, CVE-2016-0022, CVE-2016-0039, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2016-0056, MS16-015, VIGILANCE-VUL-18905.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office, SharePoint.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0022]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0052]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0053]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0054]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0055]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0056]

An attacker can trigger a Cross Site Scripting in Microsoft SharePoint, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0039]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-6117 CVE-2016-0010 CVE-2016-0011

Microsoft Office, SharePoint, Visual Basic: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office, SharePoint.
Impacted products: Office, Excel, PowerPoint, MOSS, Visio, Word, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/01/2016.
Identifiers: 3124585, CERTFR-2016-AVI-013, CVE-2015-6117, CVE-2016-0010, CVE-2016-0011, CVE-2016-0012, CVE-2016-0035, MS16-004, VIGILANCE-VUL-18700.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office, SharePoint and Visual Basic.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0010]

An attacker can guess the memory layout of a process of Microsoft Office and Microsoft Visual Basic 6.0 Runtime, to bypass ASLR, in order to ease the next step of an attack. [severity:1/4; CVE-2016-0012]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0035]

An attacker can bypass security features in Access Control Policy of Microsoft SharePoint, in order to escalate his privileges. [severity:3/4; CVE-2016-0011]

An attacker can bypass security features in Access Control Policy of Microsoft SharePoint, in order to escalate his privileges. [severity:3/4; CVE-2015-6117]
Full Vigil@nce bulletin... (Free trial)

vulnerability note 18524

Excel: use after free via XLSB

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XLSB file, to force the usage of a freed memory area in Excel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Lync, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Skype for Business.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 15/12/2015.
Identifiers: 3104540, MS15-116, VIGILANCE-VUL-18524, ZDI-15-639.

Description of the vulnerability

The Excel product supports binary files with the ".xlsb" extension.

However, if the file is malformed, Excel frees a memory area before reusing it.

An attacker can therefore invite the victim to open a malicious XLSB file, to force the usage of a freed memory area in Excel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-6040 CVE-2015-6118 CVE-2015-6122

Microsoft Office: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 08/12/2015.
Identifiers: 3116111, CERTFR-2015-AVI-527, CVE-2015-6040, CVE-2015-6118, CVE-2015-6122, CVE-2015-6124, CVE-2015-6172, CVE-2015-6177, MS15-131, VIGILANCE-VUL-18474.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6040]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6118]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6122]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6124]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6177]

An attacker can generate a memory corruption in Microsoft Outlook, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6172]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Office Excel: