Lucene search

[email protected]CVE-2016-7235

HistoryNov 10, 2016 - 6:59 a.m.

CVE-2016-7235

2016-11-1006:59:48

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-7235

microsoft word

office 2010

word 2010

word for mac 2011

excel for mac 2011

office compatibility pack sp3

memory corruption

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.7 High

EPSS

Percentile

98.0%

JSON

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftexcel_for_macMatch2011

microsoftofficeMatch2010sp2

microsoftoffice_compatibility_packsp3

microsoftwordMatch2007

microsoftwordMatch2010sp2

microsoftword_for_macMatch2011

CPENameOperatorVersion
microsoft:excel_for_macmicrosoft excel for maceq2011
microsoft:officemicrosoft officeeq2010
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:wordmicrosoft wordeq2007
microsoft:wordmicrosoft wordeq2010
microsoft:word_for_macmicrosoft word for maceq2011

CPE	Name	Operator	Version
microsoft:excel_for_mac	microsoft excel for mac	eq	2011
microsoft:office	microsoft office	eq	2010
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:word	microsoft word	eq	2007
microsoft:word	microsoft word	eq	2010
microsoft:word_for_mac	microsoft word for mac	eq	2011