Oval Definition:oval:org.cisecurity:def:773
Revision Date:2016-07-15Version:14
Title:Microsoft Office Memory Corruption Vulnerability - CVE-2016-0198 (MS16-054)
Description:Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0198
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft Office 2010
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Word Viewer
Definition Synopsis
  • MS Word 2007 SP3 + vulnerable version
  • Microsoft Word 2007 SP3 is installed
  • AND Check if the version of winword.exe is less than 12.0.6748.5000
  • OR MS Office 2010 + vulnerable version
  • MS Office 2010 SP2
  • Microsoft Office 2010 SP2 x86 is installed
  • OR Microsoft Office 2010 SP2 x64 is installed
  • AND MS Office 2010 Apps + vulnerable files
  • MS Office 2010 Apps
  • Microsoft Office Web Apps 2010 Service Pack 2 is installed
  • OR Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • OR Microsoft Word 2010 SP2 is installed
  • AND Vulnerable file
  • Check if the version of wwlibcxm.dll is less than 14.0.7169.5000
  • OR Check if the version of winword.exe is less than 14.0.7169.5000
  • OR MS Word 2013 SP1 + vulnerable version
  • Microsoft Word 2013 SP1 is installed
  • AND Check if the version of winword.exe is less than 15.0.4823.1000
  • OR MS Word 2016 + vulnerable version
  • Microsoft Word 2016
  • AND Check if the version of winword.exe is less than 16.0.4378.1001
  • OR MS Word Viewer + vulnerable version
  • Microsoft Word Viewer is installed
  • AND Check if the version of wordview.exe is less than 11.0.8428
    • BACK