Oval Definition:oval:org.cisecurity:def:1687
Revision Date:2017-02-03Version:7
Title:Microsoft Office Information Disclosure Vulnerability – CVE-2016-7265 (MS16-148)
Description:Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-7262
CVE-2016-7265
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Vista
Product(s):Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Definition Synopsis
  • Microsoft Excel 2007 + file version
  • Microsoft Excel 2007 SP3 is installed
  • AND Check if excel.exe version is less than 12.0.6762.5000
  • OR Microsoft Excel 2010 + file version
  • Microsoft Excel 2010 SP2 is installed
  • AND Check if excel.exe version is less than 14.0.7177.5000
  • OR Microsoft Excel 2013 + file version
  • Microsoft Excel 2013 SP1 is installed
  • AND Check if excel.exe version is less than 15.0.4885.1000
  • OR Microsoft Excel 2016 + file version
  • Microsoft Excel 2016 is installed
  • AND Check if excel.exe version is less than 16.0.4471.1000
  • OR Microsoft Office Compatibility Pack + file version
  • Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if excelcnv.exe version is less than 12.0.6762.5000
  • OR Microsoft Excel Viewer + file version
  • Microsoft Excel Viewer 2007 is installed
  • AND Check if xlview.exe version is less than 12.0.6762.5000
  • OR Microsoft Office SharePoint Server 2007 + file version
  • Microsoft Office SharePoint Server 2007 SP3 is installed
  • AND Check if xlsrv.dll version is less than 12.0.6762.5000
  • OR Microsoft Office SharePoint Server 2010 + file version
  • Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • AND Check if xlsrv.dll version is less than 14.0.7177.5000
    • BACK