FortiClient VulnerabilityMicrosoft Office CVE-2016-3279 Security Feature Bypass Vulnerability
Description
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability, to take advantage of the security feature bypass vulnerability and run arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by correcting how Microsoft Office handles the parsing of file formats.
Affected Applications
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Office Web Apps 2013 Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2016 x64
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2016 x86
Microsoft Excel 2016 x86
Microsoft SharePoint Server 2010 Service Pack 2 on Word Automation Services
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 x64
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
CVE References
CVE-2016-3279Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3279| ID | 51591 |
| Created | Sep 25, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) , Microsoft Word 2013 RT Service Pack 1 , Microsoft Office Web Apps 2013 Service Pack 1 , Microsoft Excel 2010 Service Pack 2 (32-bit editions) , Microsoft Word 2016 x64 , Microsoft Office Web Apps 2010 Service Pack 2 , Microsoft Office 2010 Service Pack 2 (64-bit editions) , Microsoft Excel 2013 Service Pack 1 (64-bit editions) , Microsoft Word 2013 Service Pack 1 (32-bit editions) , Microsoft Word 2016 x86 , Microsoft Excel 2016 x86 , Microsoft SharePoint Server 2010 Service Pack 2 on Word Automation Services , Microsoft PowerPoint 2013 RT Service Pack 1 , Microsoft Office 2010 Service Pack 2 (32-bit editions) , Microsoft Excel 2013 RT Service Pack 1 , Microsoft Excel 2013 Service Pack 1 (32-bit editions) , Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) , Microsoft Excel 2016 x64 , Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) , Microsoft Excel 2010 Service Pack 2 (64-bit editions) , Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) , Microsoft Word 2013 Service Pack 1 (64-bit editions) , Microsoft Word 2010 Service Pack 2 (32-bit editions) , Microsoft Word 2010 Service Pack 2 (64-bit editions) |