Microsoft Office Memory Corruption Vulnerability in InfoPath by Microsoft
CVE-2016-0021

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Infopath
Vendor
CVE Published:
9 March 2016

Summary

Microsoft InfoPath versions 2007 SP3, 2010 SP2, and 2013 SP1 are susceptible to a security vulnerability that allows remote attackers to execute arbitrary code. This exploit is executed through specially crafted Office documents, potentially compromising the security of the affected system. Users are advised to apply the latest updates to mitigate this risk.

References

http://www.securitytracker.com/id/1035207
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/84024
vdb-entryx_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.