Microsoft Excel Memory Corruption Vulnerability in Multiple Versions
CVE-2016-3381

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Excel; Excel Viewer; Office Compatibility Pack
Vendor: CVE Published:; 14 September 2016

What is CVE-2016-3381?

A vulnerability exists in multiple versions of Microsoft Excel that could allow remote attackers to execute arbitrary code. This vulnerability occurs due to improper handling of objects in memory. An attacker could exploit this by crafting a malicious document designed to trigger the memory corruption when the document is opened. Successful exploitation would allow the attacker to take control of the affected system, leading to potential data breaches and unauthorized access.

References

http://www.securitytracker.com/id/1036785

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

23% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2016
Vulnerability Reserved
Mar 15, 2016