Information Disclosure Vulnerability in Microsoft Excel and Office Products
CVE-2016-7265

7.1HIGH

Key Information:

Vendor
Microsoft
Status
Excel
Sharepoint Server
Excel Viewer
Office Compatibility Pack
Vendor
CVE Published:
20 December 2016

Summary

This vulnerability allows remote attackers to exploit Microsoft Excel and associated Office products by crafting malicious documents that facilitate unauthorized access to sensitive information stored in process memory. Additionally, it can lead to denial of service through an out-of-bounds read, posing a serious risk to users across multiple versions of Excel and Office compatibility pack products. Users should remain vigilant and apply necessary updates to safeguard against this ongoing threat.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/94721
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037441
vdb-entryx_refsource_SECTRACK

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.