Lucene search

[email protected]CVE-2016-0137

HistorySep 14, 2016 - 10:59 a.m.

CVE-2016-0137

2016-09-1410:59:00

CWE-254

[email protected]

web.nvd.nist.gov

cve-2016-0137

microsoft

office

c2r

aslr

bypass

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka “Microsoft APP-V ASLR Bypass.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2013
microsoft:officemicrosoft officeeq2016

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2013
microsoft:office	microsoft office	eq	2016

References

www.securityfocus.com/bid/92785

www.securitytracker.com/id/1036785

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2016-0137

symantec1 mscve1 prion1 openvas2 threatpost1 mskb1 kaspersky1 nessus1