Memory Corruption Vulnerability in Microsoft Excel and Office Products
CVE-2016-0136

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Sharepoint Foundation
Sharepoint Designer
Office Compatibility Pack
Excel
Vendor
CVE Published:
12 April 2016

Summary

Microsoft Excel and related Office products contain a vulnerability that can be exploited by remote attackers through maliciously crafted Office documents. Once opened, these documents may lead to arbitrary code execution due to an uninitialized pointer within the application. This flaw affects specific versions of Excel and its services, making it crucial for users to apply the latest updates from Microsoft to safeguard against potential exploits.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://www.verisign.com/en_US/security-services/security...
third-party-advisoryx_refsource_IDEFENSE
http://www.securitytracker.com/id/1035525
vdb-entryx_refsource_SECTRACK

EPSS Score

43% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.