Oval Definition:oval:org.cisecurity:def:877
Revision Date:2016-07-29Version:12
Title:Microsoft Office Information Disclosure Vulnerability – CVE-2016-3234 (MS16-070)
Description:Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-3234
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Definition Synopsis
  • Microsoft Office Software
  • MS Word 2007 SP3 + vulnerable version
  • Microsoft Word 2007 SP3 is installed
  • AND Check if the version of winword.exe is less than 12.0.6749.5000
  • OR MS Office 2010 SP2 + vulnerable version
  • MS Office 2010 SP2
  • Microsoft Office 2010 SP2 x86 is installed
  • OR Microsoft Office 2010 SP2 x64 is installed
  • AND Check if the version of wwlibcxm.dll is less than 14.0.7170.5000
  • OR MS Word 2010 SP2 + vulnerable version
  • Microsoft Word 2010 SP2 is installed
  • AND Check if the version of winword.exe is less than 14.0.7170.5000
  • OR MS Office Compatibility Pack SP3 + vulnerable version
  • Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if the version of wordcnv.dll is less than 12.0.6749.5000
  • OR MS Word Viewer + vulnerable version
  • Microsoft Word Viewer is installed
  • AND Check if the version of wordview.exe is less than 11.0.8429
  • OR Microsoft Office Services and Web Apps
  • MS SharePoint Server/Office Web Apps 2010 + vulnerable version
  • MS SharePoint Server/Office Web Apps 2010 + vulnerable version
  • Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • AND Microsoft Office Web Apps 2010 Service Pack 2 is installed
  • AND Check if the version of oartserver.dll is less than 14.0.7169.5000
  • OR MS SharePoint Server/Office Web Apps 2013 + vulnerable version
  • MS SharePoint Server/Office Web Apps 2013 + vulnerable version
  • Microsoft SharePoint Server 2013 SP1 is installed
  • AND Microsoft Office Web Apps Server 2013 SP1 is installed
  • AND Check if the version of oartserver.dll is less than 15.0.4833.1000
    • BACK