CVE漏洞中文网

Microsoft Office Remote Code Execution Vulnerabilities (MS16-088)

September 27, 2016

Vulnerability category: Office Application
Severity level:

Vulnerability Information

Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

A vulnerability exists when Microsoft Office fails to properly handle XLA files.

Microsoft has released a security update that addresses the vulnerabilities by correcting how:
- Office handles objects in memory
- Certain functions handle objects in memory
- Windows validates input before loading libraries

Impact

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

Solution

Refer to MS16-088 for more information.

Workaround:
1) Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources

Impact of workaround #1: Users who have configured the File Block policy and have not configured a special "exempt directory" will be unable to open documents saved in the RTF format.

2) Prevent Word from loading RTF files

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-088: Microsoft Excel 2007 Service Pack 3

MS16-088: Microsoft Word 2007 Service Pack 3

MS16-088: Microsoft Office 2010 Service Pack 2 (32-bit editions)

MS16-088: Microsoft Office 2010 Service Pack 2 (64-bit editions)

MS16-088: Microsoft Excel 2010 Service Pack 2 (32-bit editions)

MS16-088: Microsoft Excel 2010 Service Pack 2 (64-bit editions)

MS16-088: Microsoft Outlook 2010 Service Pack 2 (32-bit editions)

MS16-088: Microsoft Outlook 2010 Service Pack 2 (64-bit editions)

MS16-088: Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)

MS16-088: Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)

MS16-088: Microsoft Word 2010 Service Pack 2 (32-bit editions)

MS16-088: Microsoft Word 2010 Service Pack 2 (64-bit editions)

MS16-088: Microsoft Excel 2013 Service Pack 1 (32-bit editions)

MS16-088: Microsoft Excel 2013 Service Pack 1 (64-bit editions)

MS16-088: Microsoft Outlook 2013 Service Pack 1 (32-bit editions)

MS16-088: Microsoft Outlook 2013 Service Pack 1 (64-bit editions)

MS16-088: Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)

MS16-088: Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)

MS16-088: Microsoft Word 2013 Service Pack 1 (32-bit editions)

MS16-088: Microsoft Word 2013 Service Pack 1 (64-bit editions)

MS16-088: Microsoft Excel 2016 (32-bit edition)

MS16-088: Microsoft Excel 2016 (64-bit edition)

MS16-088: Microsoft Outlook 2016 (32-bit edition)

MS16-088: Microsoft Outlook 2016 (64-bit edition)

MS16-088: Microsoft Word 2016 (32-bit edition)

MS16-088: Microsoft Word 2016 (64-bit edition)

MS16-088: Microsoft Excel for Mac 2011

MS16-088: Microsoft Word for Mac 2011

MS16-088: Microsoft Excel 2016 for Mac

MS16-088: Microsoft Word 2016 for Mac

MS16-088: Microsoft Office Compatibility Pack Service Pack 3

MS16-088: Microsoft Excel Viewer

MS16-088: Microsoft Word Viewer

MS16-088: Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2

MS16-088: Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1

MS16-088: Microsoft SharePoint Server 2016

MS16-088: Microsoft Office Web Apps 2010 Service Pack 2

MS16-088: Microsoft Office Web Apps Server 2013 Service Pack 1

MS16-088: Office Online Server

MS16-088: Microsoft SharePoint Foundation 2010 Service Pack 1

MS16-088: Microsoft SharePoint Foundation 2013 Service Pack 1

Last updated: October 22, 2016