Lucene search

MicrosoftCVE-2016-3365

HistorySep 14, 2016 - 10:59 a.m.

CVE-2016-3365

2016-09-1410:59:39

CWE-119

microsoft

web.nvd.nist.gov

cve-2016-3365

microsoft excel

office

remote code execution

memory corruption vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.266

Percentile

96.8%

JSON

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3362.

Affected configurations

Nvd

Node

microsoftexcelMatch2007sp3

microsoftexcelMatch2010sp2

microsoftexcelMatch2013sp1

microsoftexcelMatch2013sp1rt

microsoftexcelMatch2016

microsoftexcel_viewer

microsoftoffice_compatibility_packsp3

microsoftoffice_online_server

microsoftsharepoint_designerMatch2007sp3

microsoftsharepoint_designerMatch2010sp2

microsoftsharepoint_designerMatch2013sp1

VendorProductVersionCPE
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*
microsoftexcel2016cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
microsoftexcel_viewer*cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
microsoftoffice_online_server*cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*
microsoftsharepoint_designer2007cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*
microsoftsharepoint_designer2010cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp3::::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2::::::
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1::::::
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::*
microsoft	excel	2016	cpe:2.3:a:microsoft:excel:2016:::::::*
microsoft	excel_viewer	*	cpe:2.3:a:microsoft:excel_viewer::::::::
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
microsoft	office_online_server	*	cpe:2.3:a:microsoft:office_online_server::::::::
microsoft	sharepoint_designer	2007	cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3::::::
microsoft	sharepoint_designer	2010	cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2::::::