Information Disclosure Vulnerability in Microsoft Office Products
CVE-2016-7233

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Word Viewer
Excel For Mac
Word For Mac
Office Web Apps
Vendor
CVE Published:
10 November 2016

Summary

A vulnerability exists in multiple Microsoft Office products that allows remote attackers to exploit sensitive information from process memory. This occurs through specially crafted Office documents, potentially leading to unauthorized information disclosure or denial of service through an out-of-bounds read. Affected versions include Microsoft Word 2007, Office 2010 SP2, Word for Mac 2011, among others. Users are advised to update their products to mitigate the risk of exploitation.

References

https://www.verisign.com/en_US/security-services/security...
third-party-advisoryx_refsource_IDEFENSE
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/94031
vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.