The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Office Word

vulnerability CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can trigger a memory corruption in Microsoft Office via an RTF document, in order to cause a denial of service, and possibly to run code.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.

Description of the vulnerability

Microsoft Office can open documents in RTF format.

However, a malicious RTF document corrupts the memory of Microsoft Office.

An attacker can therefore trigger a memory corruption in Microsoft Office via an RTF document, in order to cause a denial of service, and possibly to run code.

computer vulnerability note CVE-2016-3209 CVE-2016-3262 CVE-2016-3263

Windows, .NET, Office, Skype, Lync, Silverlight: seven vulnerabilities via Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Silverlight, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2016.
Identifiers: 3192884, 825, 829, 864, 868, CERTFR-2016-AVI-340, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, MS16-120, VIGILANCE-VUL-20829.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3393]

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3396]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3209]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3262]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3263]

An attacker can bypass security features via True Type Font, in order to escalate their privileges. [severity:2/4; CVE-2016-7182]

An attacker can bypass security features via Win32k, in order to escalate their privileges. [severity:2/4; CVE-2016-3270]

vulnerability announce CVE-2016-0137 CVE-2016-0141 CVE-2016-3357

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 13/09/2016.
Revision date: 21/09/2016.
Identifiers: 3185852, CERTFR-2016-AVI-309, CVE-2016-0137, CVE-2016-0141, CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3366, CVE-2016-3381, MS16-107, VIGILANCE-VUL-20592, ZDI-16-508.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Click-to-Run, in order to obtain sensitive information. [severity:1/4; CVE-2016-0137]

An attacker can bypass security features via Visual Basic Macros, in order to obtain sensitive information. [severity:2/4; CVE-2016-0141]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3357]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3358]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3359]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3360]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3361]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3362]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3363]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3364]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3365, ZDI-16-508]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3381]

An attacker can alter displayed information, in order to deceive the victim. [severity:2/4; CVE-2016-3366]

computer vulnerability note CVE-2016-3313 CVE-2016-3315 CVE-2016-3316

Microsoft Office: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/08/2016.
Identifiers: 3177451, CERTFR-2016-AVI-270, COSIG-2016-31, COSIG-2016-32, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, MS16-099, VIGILANCE-VUL-20349, ZDI-16-451.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Microsoft OneNote, in order to obtain sensitive information. [severity:2/4; CVE-2016-3315]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3313]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3316]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3317]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3318, ZDI-16-451]

vulnerability note CVE-2016-3278 CVE-2016-3279 CVE-2016-3280

Microsoft Office: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/07/2016.
Identifiers: 3170008, CERTFR-2016-AVI-231, CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284, MS16-088, VIGILANCE-VUL-20084.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3284]

An attacker can use a vulnerability via an XLA file, in order to run code. [severity:3/4; CVE-2016-3279]

computer vulnerability announce CVE-2016-0025 CVE-2016-3233 CVE-2016-3234

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, Excel, PowerPoint, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/06/2016.
Identifiers: 3163610, CERTFR-2016-AVI-205, CVE-2016-0025, CVE-2016-3233, CVE-2016-3234, CVE-2016-3235, MS16-070, VIGILANCE-VUL-19897.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0025]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3233]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:3/4; CVE-2016-3234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3235]

computer vulnerability bulletin CVE-2016-0126 CVE-2016-0140 CVE-2016-0183

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/05/2016.
Identifiers: 3155544, CVE-2016-0126, CVE-2016-0140, CVE-2016-0183, CVE-2016-0198, MS16-054, VIGILANCE-VUL-19578.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0126]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0140]

An attacker can use a vulnerability in Microsoft Office Graphics, in order to run code. [severity:3/4; CVE-2016-0183]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0198]

computer vulnerability announce CVE-2016-0122 CVE-2016-0127 CVE-2016-0136

Microsoft Office: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, Excel, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148775, CERTFR-2016-AVI-123, CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139, MS16-042, VIGILANCE-VUL-19357.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0122]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0127]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0136]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0139]

vulnerability note CVE-2016-0143 CVE-2016-0145 CVE-2016-0165

Windows, .NET, Office, Skype, Lync: four vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities in the Graphics Component of Windows, .NET, Office, Skype and Lync.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148522, 684, 707, CERTFR-2016-AVI-122, CERTFR-2016-AVI-123, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, MS16-039, VIGILANCE-VUL-19354.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype and Lync.

An attacker can bypass security features in Win32k, in order to escalate their privileges. [severity:2/4; CVE-2016-0143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0145]

An attacker can bypass security features in Win32k, in order to escalate their privileges. [severity:2/4; CVE-2016-0165]

An attacker can bypass security features in Win32k, in order to escalate their privileges. [severity:2/4; CVE-2016-0167]

computer vulnerability announce CVE-2016-0021 CVE-2016-0057 CVE-2016-0134

Microsoft Office: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Microsoft Office.
Impacted products: Office, InfoPath, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2016.
Identifiers: 3141806, CERTFR-2016-AVI-090, CVE-2016-0021, CVE-2016-0057, CVE-2016-0134, MS16-029, VIGILANCE-VUL-19127.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can invite the victim to open a malicious Office document, to generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0021]

An attacker can bypass security features, in order to escalate their privileges. [severity:2/4; CVE-2016-0057]

An attacker can invite the victim to open a malicious Office document, to generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0134]