Lucene search

[email protected]NVD:CVE-2016-0022

HistoryFeb 10, 2016 - 11:59 a.m.

CVE-2016-0022

2016-02-1011:59:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.644

Percentile

97.9%

JSON

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0052.

Affected configurations

Nvd

Node

microsoftoffice_compatibility_packsp3

microsoftoffice_web_apps_serverMatch2013sp1

microsoftsharepoint_serverMatch2013sp1

microsoftwordMatch2007sp3

microsoftwordMatch2010sp2

microsoftwordMatch2013sp1

microsoftwordMatch2013sp1rt

microsoftwordMatch2016

microsoftword_for_macMatch2011

microsoftword_for_macMatch2016

microsoftword_viewer

VendorProductVersionCPE
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
microsoftoffice_web_apps_server2013cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
microsoftword2007cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
microsoftword2010cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
microsoftword2013cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
microsoftword2013cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
microsoftword2016cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
microsoftword_for_mac2011cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*
microsoftword_for_mac2016cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
microsoft	office_web_apps_server	2013	cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1::::::
microsoft	sharepoint_server	2013	cpe:2.3:a:microsoft:sharepoint_server:2013:sp1::::::
microsoft	word	2007	cpe:2.3:a:microsoft:word:2007:sp3::::::
microsoft	word	2010	cpe:2.3:a:microsoft:word:2010:sp2::::::
microsoft	word	2013	cpe:2.3:a:microsoft:word:2013:sp1::::::
microsoft	word	2013	cpe:2.3:a:microsoft:word:2013:sp1:::rt:::*
microsoft	word	2016	cpe:2.3:a:microsoft:word:2016:::::::*
microsoft	word_for_mac	2011	cpe:2.3:a:microsoft:word_for_mac:2011:::::::*
microsoft	word_for_mac	2016	cpe:2.3:a:microsoft:word_for_mac:2016:::::::*