Oval Definition:	oval:org.cisecurity:def:1637
Revision Date: 2017-01-20 Version: 6 Title: Microsoft Office Information Disclosure Vulnerability – CVE-2016-7276 (MS16-148) Description: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2016-7276 Platform(s): Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Product(s): Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Word Viewer Definition Synopsis Microsoft Office 2007 + file version Microsoft Office 2007 SP3 is installed AND Check if Mso.dll version is less than 12.0.6762.5000 OR Microsoft Office 2010 + file version Microsoft Office 2010 SP2 is installed AND Check if Mso.dll version is less than 14.0.7177.5000 OR Microsoft Office 2013 + file version Microsoft Office 2013 Microsoft Office 2013 SP1 x86 is installed OR Microsoft Office 2013 SP1 x64 is installed AND Check if Mso.dll version is less than 15.0.4885.1000 OR Microsoft Word Viewer + file version Microsoft Word Viewer is installed AND Check if Mso.dll version is less than 11.0.8438
BACK