CVE-2016-0137 - The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to by

CVE-2016-0137

Summary

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 12-10-2018 - 22:11)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

msbulletin via4

bulletin_id	MS16-107
bulletin_url
date	2016-09-13T00:00:00
impact	Remote Code Execution
knowledgebase_id	3185852
knowledgebase_url
severity	Critical
title	Security Update for Microsoft Office

refmap via4

bid	92785
sectrack	1036785

Last major update

12-10-2018 - 22:11

Published

14-09-2016 - 10:59

Last modified

12-10-2018 - 22:11