Remote Code Execution Vulnerability in Microsoft Office Products
CVE-2016-3279

5.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Word
Powerpoint
Excel
Powerpoint Rt
Vendor
CVE Published:
13 July 2016

Summary

A security vulnerability exists in Microsoft Office products that could allow remote attackers to execute arbitrary code through a specially crafted XLA file. When the malicious file is opened, it could enable the attacker to gain unauthorized access to the system, potentially allowing for manipulation or data theft. This vulnerability impacts several versions of Office starting from 2010 to 2016, including services within SharePoint and Office Web Apps.

References

http://www.securitytracker.com/id/1036274
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036275
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.