Oval Definition:oval:org.cisecurity:def:1375
Revision Date:2016-12-09Version:12
Title:Microsoft Office Memory Corruption Vulnerability – CVE-2016-7193 (MS16-121)
Description:Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-7193
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Online Server
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Word Viewer
Definition Synopsis
  • Microsoft Word 2007 + file version
  • Microsoft Word 2007 SP3 is installed
  • AND Check if winword.exe version is less than 12.0.6758.5000
  • OR Microsoft Office 2010 + file version
  • Microsoft Office 2010 SP2 is installed
  • AND Check if wwlibcxm.dll version is less than 14.0.7174.5001
  • OR Microsoft Word 2010 + file version
  • Microsoft Word 2010 SP2 is installed
  • AND Check if winword.exe version is less than 14.0.7174.5001
  • OR Microsoft Word 2013 + file version
  • Microsoft Word 2013 is installed
  • AND Check if winword.exe version is less than 15.0.4867.1002
  • OR Microsoft Word 2016 + file version
  • Microsoft Word 2016 is installed
  • AND Check if winword.exe version is less than 16.0.4444.1003
  • OR Microsoft Office Compatibility Pack + file version
  • Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if wordcnv.dll version is less than 12.0.6758.5000
  • OR Microsoft Word Viewer + file version
  • Microsoft Word Viewer is installed
  • AND Check if wordview.exe version is less than 11.0.8436
  • OR Microsoft Sharepoint Server 2010 + file version
  • Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • AND Check if sword.dll version is less than 14.0.7174.5001
  • OR Microsoft Sharepoint Server 2013 + file version
  • Microsoft SharePoint Server 2013 SP1 is installed
  • AND Check if sword.dll version is less than 15.0.4867.1002
  • OR Microsoft Office Web Apps 2010 + file version
  • Microsoft Office Web Apps 2010 Service Pack 2 is installed
  • AND Check if sword.dll version is less than 14.0.7174.5001
  • OR Microsoft Office Web Apps Server 2013 + file version
  • Microsoft Office Web Apps Server 2013 SP1 is installed
  • AND Check if sword.dll version is less than 15.0.4867.1002
    • BACK