Information Disclosure Vulnerability in Microsoft Word Products
CVE-2016-7290

7.1HIGH

Key Information:

Vendor

Microsoft
Status
Word For Mac
Office Web Apps
Office Compatibility Pack
Sharepoint Server
Vendor
CVE Published:
20 December 2016

What is CVE-2016-7290?

Certain Microsoft Word products and services are vulnerable to exploitation through specially crafted documents, which can allow attackers to access sensitive information stored in memory or to trigger a denial of service due to out-of-bounds read. This weakness highlights the importance of updating software to the latest versions and applying security patches to prevent unauthorized access and data leaks.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/94670
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037441
vdb-entryx_refsource_SECTRACK

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.