Information Disclosure Vulnerability in Microsoft Office Products
CVE-2016-3234

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Office Web Apps; Office; Sharepoint Server; Office Compatibility Pack
Vendor: CVE Published:; 16 June 2016

What is CVE-2016-3234?

This vulnerability in Microsoft Office products allows remote attackers to access sensitive information by leveraging crafted Office documents. When an affected version processes a malicious document, it can unintentionally expose stored data from process memory, making it susceptible to unauthorized access. This flaw poses significant risks for users handling confidential documents, emphasizing the need for immediate updates to safeguard against potential data breaches.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1036093

vdb-entryx_refsource_SECTRACK

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2016
Vulnerability Reserved
Mar 15, 2016