Memory Corruption Vulnerability in Microsoft Excel and Office Products
CVE-2016-3365

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Excel
Excel Viewer
Sharepoint Designer
Office Compatibility Pack
Vendor
CVE Published:
14 September 2016

Summary

This vulnerability in Microsoft Excel and several related Office products enables remote attackers to execute arbitrary code by utilizing specially crafted documents. The flaw stems from memory corruption issues that impact various Excel versions, highlighting the importance of timely security updates to protect against exploitation. Both standalone and server-based services, including SharePoint and Office Online, are affected, necessitating enhanced vigilance and immediate action to prevent potential breaches.

References

http://www.securitytracker.com/id/1036785
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/92804
vdb-entryx_refsource_BID

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.