Oval Definition:oval:org.cisecurity:def:874
Revision Date:2016-07-29Version:15
Title:Microsoft Office Memory Corruption Vulnerability – CVE-2016-0025 (MS16-070)
Description:Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0025
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Definition Synopsis
  • Microsoft Office Software
  • MS Word 2007 SP3 + vulnerable version
  • Microsoft Word 2007 SP3 is installed
  • AND Check if the version of winword.exe is less than 12.0.6749.5000
  • OR MS Office 2010 SP2 + vulnerable version
  • MS Office 2010 SP2
  • Microsoft Office 2010 SP2 x86 is installed
  • OR Microsoft Office 2010 SP2 x64 is installed
  • AND Check if the version of wwlibcxm.dll is less than 14.0.7170.5000
  • OR MS Word 2010 SP2 + vulnerable version
  • Microsoft Word 2010 SP2 is installed
  • AND Check if the version of winword.exe is less than 14.0.7170.5000
  • OR MS Word 2013 SP1 + vulnerable version
  • Microsoft Word 2013 SP1 is installed
  • AND Check if the version of winword.exe is less than 15.0.4833.1000
  • OR MS Office 2016 + vulnerable version
  • Microsoft Office 2016 is installed
  • AND Check if the version of mso.dll is less than 16.0.4390.1000
  • OR MS Word 2016 + vulnerable version
  • Microsoft Word 2016 is installed
  • AND Check if the version of winword.exe is less than 16.0.4393.1000
  • OR MS Office Compatibility Pack SP3 + vulnerable version
  • Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if the version of wordcnv.dll is less than 12.0.6749.5000
  • OR Microsoft Office Services and Web Apps
  • MS SharePoint Server/Office Web Apps 2010 + vulnerable version
  • MS SharePoint Server/Office Web Apps 2010 + vulnerable version
  • Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • AND Microsoft Office Web Apps 2010 Service Pack 2 is installed
  • AND Check if the version of oartserver.dll is less than 14.0.7169.5000
  • OR MS SharePoint Server/Office Web Apps 2013 + vulnerable version
  • MS SharePoint Server/Office Web Apps 2013 + vulnerable version
  • Microsoft SharePoint Server 2013 SP1 is installed
  • AND Microsoft Office Web Apps Server 2013 SP1 is installed
  • AND Check if the version of oartserver.dll is less than 15.0.4833.1000
    • BACK