CVE-2016-7233 Microsoft Office Remote Code Execution Vulnerabilities (MS16-133)

2016年11月9日 1174点热度 0人点赞 0条评论

漏洞类别：Office Application

漏洞等级：

漏洞信息

This security update resolves vulnerabilities in Microsoft Office.
The security update addresses the vulnerabilities by correcting how Microsoft Office initializes variables.
Affected versions of Office and Office components handle objects in memory.

漏洞危害

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

解决方案

Refer to MS16-133 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-133: Microsoft Excel 2007 Service Pack 3

MS16-133: Microsoft Word 2007

MS16-133: Microsoft Office 2010 Service Pack 2 (32-bit editions)

MS16-133: Microsoft Office 2010 Service Pack 2 (64-bit editions)

MS16-133: Microsoft Excel 2010 Service Pack 2 (32-bit editions)

MS16-133: Microsoft Excel 2010 Service Pack 2 (64-bit editions)

MS16-133: Microsoft Word 2010 Service Pack 2 (32-bit editions)

MS16-133: Microsoft Word 2010 Service Pack 2 (64-bit editions)

MS16-133: Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)