Oval Definition:	oval:org.cisecurity:def:1374
Revision Date: 2016-12-09 Version: 11 Title: Microsoft Office RCE Vulnerability – CVE-2015-6172 Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-6172 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Definition Synopsis Word 2007 and vulnerable file version Microsoft Word 2007 SP3 is installed AND Check if the version of winword.exe is less than 12.0.6740.5000 OR Office 2010 and vulnerable file version Microsoft Office 2010 SP2 is installed AND Check if the version of wwlibcxm.dll is less than 14.0.7164.5001 OR Word 2010 and vulnerable file version Microsoft Word 2010 SP2 is installed AND Check if the version of winword.exe is less than 14.0.7164.5001 OR Word 2013 and vulnerable file version Microsoft Word 2013 SP1 is installed AND Check if the version of winword.exe is less than 15.0.4779.1001 OR Word 2016 and vulnerable file version Microsoft Word 2016 is installed AND Check if the version of winword.exe is less than 16.0.4312.1001 OR Office Compatibility Pack and vulnerable file version Microsoft Office Compatibility Pack SP3 is installed AND Check if the version of wordcnv.dll is less than 12.0.6740.5000
BACK