CVE-2016-0127
published 2016-04-12CVE-2016-0127: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office_web_apps_server | — | — |
| microsoft | office_web_apps_server | — | — |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_server | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_compatibility_pack_service_pack_3 | — | — |
| msrc | microsoft_office_web_apps_2010_service_pack_2 | — | — |
| msrc | microsoft_office_web_apps_server_2013_service_pack_1 | — | — |
| msrc | microsoft_office_word_viewer | — | — |
| msrc | microsoft_word_2007_service_pack_3 | — | — |
| msrc | microsoft_word_2010_service_pack_2 | — | — |
| msrc | microsoft_word_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_word_2013_service_pack_1 | — | — |
| msrc | word_automation_services_on_microsoft_sharepoint_server_2010_service_pack_2 | — | — |
| msrc | word_automation_services_on_microsoft_sharepoint_server_2013_service_pack_1 | — | — |
GHSA
GHSA-6929-52rx-5h8x: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation
ghsa_unreviewed·2022-05-14
CVE-2016-0127 [HIGH] CWE-119 GHSA-6929-52rx-5h8x: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Microsoft
Microsoft Office Remote Code Execution Vulnerability
vendor_msrc·2016-04-12·CVSS 7.8
CVE-2016-0127 [HIGH] Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file w
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - April 2016
blogs_talos·2016-04-12·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - April 2016
## Microsoft Patch Tuesday - April 2016
Bulletins MS16-037 through MS16-040 and bulletins MS16-042, MS16-050 are rated as critical in this month's release.
MS16-037 is related to six vulnerabilities in Internet Explorer. The most severe vulnerabilities allow an attacker to craft a website that executes arbitrary code on the victim's device due to the memory corruption vulnerabilities in the browser. The attacker would be limited to executing code with same administrative rights as the current user, but with many users having full administrator rights, an attacker could use this to take full control of a device. To exploit the vulnerability the attacker must get the victim to view attacker controlled content. Previously, this has not proved a major limitation for attackers. Attackers have
Qualys
Patch Tuesday April 2016 | Qualys
blogs_qualys·2016-04-12·CVSS 7.8
[HIGH] Patch Tuesday April 2016 | Qualys
It is time for Patch Tuesday April 2016, and we have some insight into what is coming at us already. Last week Adobe had to anticipate their monthly Adobe Flash Player ( APSB16-10 ) patch to help their users defend against a 0-day that was being exploited in the wild and a couple of weeks ago we heard of the “Badlock” vulnerability from the Samba development team – both Windows and Samba on Linux/Unix are affected.
But Badlock seems to be tamer than expected – it is addressed by Microsoft in MS16-047 , a bulletin categorized as “important”. It is a Man-in-the-Middle type vulnerability and can be used to login as another user for applications that use the SAMR or LSAD protocol – the SMB protocol is not affected. All versions of Windows are affected – Vista to Server 2012R2. We are not sure
Qualys
Patch Tuesday April 2016 | Qualys
blogs_qualys·2016-04-12·CVSS 7.8
[HIGH] Patch Tuesday April 2016 | Qualys
It is time for Patch Tuesday April 2016, and we have some insight into what is coming at us already. Last week Adobe had to anticipate their monthly Adobe Flash Player (APSB16-10) patch to help their users defend against a 0-day that was being exploited in the wild and a couple of weeks ago we heard of the “Badlock” vulnerability from the Samba development team – both Windows and Samba on Linux/Unix are affected.
But Badlock seems to be tamer than expected – it is addressed by Microsoft in MS16-047, a bulletin categorized as “important”. It is a Man-in-the-Middle type vulnerability and can be used to login as another user for applications that use the SAMR or LSAD protocol – the SMB protocol is not affected. All versions of Windows are affected – Vista to Server 2012R2. We are not sure wh
Talos
Microsoft Patch Tuesday - April 2016
blogs_talos·2016-04-12·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - April 2016
Bulletins MS16-037 through MS16-040 and bulletins MS16-042, MS16-050 are rated as critical in this month's release.
MS16-037 is related to six vulnerabilities in Internet Explorer. The most severe vulnerabilities allow an attacker to craft a website that executes arbitrary code on the victim's device due to the memory corruption vulnerabilities in the browser. The attacker would be limited to executing code with same administrative rights as the current user, but with many users having full administrator rights, an attacker could use this to take full control of a device. To exploit the vulnerability the attacker must get the victim to view attacker controlled content. Previously, this has not proved a major limitation for attackers. Attackers have proved adept at sending spam messages, c
http://www.securitytracker.com/id/1035524http://www.securitytracker.com/id/1035525https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042http://www.securitytracker.com/id/1035524http://www.securitytracker.com/id/1035525https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042
2016-04-12
Published