CVE-2016-0055
published 2016-02-10CVE-2016-0055: Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption…
PriorityP348high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
16.29%
96.6th percentile
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Fortinet
Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet
blogs_fortinet·2016-02-19·CVSS 7.8
CVE-2016-0059 [HIGH] Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet
FORTIGUARD LABS THREAT RESEARCH
Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet
By Kai Lu | February 19, 2016
Summary
This month Microsoft patched two vulnerabilities which were discovered and reported by me, one is an information disclosure vulnerability in Internet Explorer (IE) (CVE-2016-0059 in MS16-009), the other is a memory corruption vulnerability in Microsoft Office (CVE-2016-0055 in MS16-015). In this blog, we will provide in-depth analysis of CVE-2016-0059. The vulnerability exists because Microsoft Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability,
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Internet Explorer and Edge security bulletin resp
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
## Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Inter
2016-02-10
Published