ID CVE-2016-3279
Summary Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 12-10-2018 - 22:12)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
msbulletin via4
bulletin_id MS16-088
bulletin_url
date 2016-07-12T00:00:00
impact Remote Code Execution
knowledgebase_id 3170008
knowledgebase_url
severity Critical
title Security Update for Microsoft Office
refmap via4
bid 91587
sectrack
  • 1036274
  • 1036275
Last major update 12-10-2018 - 22:12
Published 13-07-2016 - 01:59
Last modified 12-10-2018 - 22:12
Back to Top