Lucene search

[email protected]CVE-2016-7264

HistoryDec 20, 2016 - 6:59 a.m.

CVE-2016-7264

2016-12-2006:59:00

CWE-125

[email protected]

web.nvd.nist.gov

microsoft

excel

office

compatibility pack

viewer

mac 2011

mac 2016

remote attackers

information disclosure

vulnerability

nvd

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.8 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.”

CPENameOperatorVersion
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:excel_for_macmicrosoft excel for maceq2011
microsoft:excel_for_macmicrosoft excel for maceq2016
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:excelmicrosoft exceleq2007

CPE	Name	Operator	Version
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:excel_for_mac	microsoft excel for mac	eq	2011
microsoft:excel_for_mac	microsoft excel for mac	eq	2016
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:excel	microsoft excel	eq	2007