Lucene search

MicrosoftCVE-2016-0127

HistoryApr 12, 2016 - 11:59 p.m.

CVE-2016-0127

2016-04-1223:59:05

CWE-119

microsoft

web.nvd.nist.gov

microsoft

office

vulnerability

cve-2016-0127

nvd

memory corruption

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.704

Percentile

98.0%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2010sp2

microsoftoffice_compatibility_packsp3

microsoftoffice_web_apps_serverMatch2010sp2

microsoftoffice_web_apps_serverMatch2013sp1

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013sp1

microsoftwordMatch2007sp3

microsoftwordMatch2010sp2

microsoftwordMatch2013sp1

microsoftwordMatch2013sp1rt

microsoftword_viewer

VendorProductVersionCPE
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
microsoftoffice_web_apps_server2010cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*
microsoftoffice_web_apps_server2013cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
microsoftword2007cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
microsoftword2010cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
microsoftword2013cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
microsoftword2013cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
microsoft	office_web_apps_server	2010	cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2::::::
microsoft	office_web_apps_server	2013	cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1::::::
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
microsoft	sharepoint_server	2013	cpe:2.3:a:microsoft:sharepoint_server:2013:sp1::::::
microsoft	word	2007	cpe:2.3:a:microsoft:word:2007:sp3::::::
microsoft	word	2010	cpe:2.3:a:microsoft:word:2010:sp2::::::
microsoft	word	2013	cpe:2.3:a:microsoft:word:2013:sp1::::::
microsoft	word	2013	cpe:2.3:a:microsoft:word:2013:sp1:::rt:::*