Lucene search

[email protected]CVE-2016-3284

HistoryJul 13, 2016 - 1:59 a.m.

CVE-2016-3284

2016-07-1301:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-3284

microsoft

excel

office

memory corruption

vulnerability

nvd

security update

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.7 High

EPSS

Percentile

98.0%

JSON

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2013
microsoft:excelmicrosoft exceleq2016
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:excel_for_macmicrosoft excel for maceq2011
microsoft:excel_for_macmicrosoft excel for maceq2016
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:excelmicrosoft exceleq2010
microsoft:excel_rtmicrosoft excel rteq2013
microsoft:excelmicrosoft exceleq2007

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2013
microsoft:excel	microsoft excel	eq	2016
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:excel_for_mac	microsoft excel for mac	eq	2011
microsoft:excel_for_mac	microsoft excel for mac	eq	2016
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:excel	microsoft excel	eq	2010
microsoft:excel_rt	microsoft excel rt	eq	2013
microsoft:excel	microsoft excel	eq	2007