Oval Definition:oval:org.cisecurity:def:502
Revision Date:2016-06-13Version:17
Title:Microsoft Office Memory Corruption Vulnerability – CVE-2016-0136 (MS16-042)
Description:Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0136
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Definition Synopsis
  • Microsoft Excel 2007 + file version
  • Microsoft Excel 2007 SP3 is installed
  • AND Check if excel.exe version is less than 12.0.6747.5000
  • OR Microsoft Excel 2010 + file version
  • Microsoft Excel 2010 SP2 is installed
  • AND Check if excel.exe version is less than 14.0.7168.5000
  • OR Microsoft Office Compatibility Pack + file version
  • Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if excelcnv.exe version is less than 12.0.6747.5000
  • OR Microsoft Office SharePoint Server 2007 + file version
  • Microsoft Office SharePoint Server 2007 SP3 is installed
  • AND Check if xlsrv.dll version is less than 12.0.6747.5000
  • OR Microsoft Office SharePoint Server 2010 + file version
  • Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • AND Check if xlsrv.dll version is less than 14.0.7168.5000
    • BACK