| Title | Published | Views | Reporter |
|---|---|---|---|
| Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) | 14 Apr 2016 00:00 | – | zdt |
| CVE-2016-0122 | 14 Apr 2016 00:00 | – | circl |
| Microsoft Office Memory Corruption Vulnerability (CNVD-2016-02238) | 14 Apr 2016 00:00 | – | cnvd |
| Microsoft Office Memory Corruption (MS16-042: CVE-2016-0122) | 12 Apr 2016 00:00 | – | checkpoint_advisories |
| CVE-2016-0122 | 12 Apr 2016 23:00 | – | cve |
| CVE-2016-0122 | 12 Apr 2016 23:00 | – | cvelist |
| Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) | 14 Apr 2016 00:00 | – | exploitpack |
| MS16-042: Description of the security update for Excel 2010: April 12, 2016 | 12 Apr 2016 07:00 | – | mskb |
| Security update 2016-04-12 | 12 Apr 2016 07:00 | – | mskb |
| Security update 2016-04-12 | 12 Apr 2016 07:00 | – | mskb |

#######################################################################################
# Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution
# Application: Microsoft Office Excel
# Affected Products: Microsoft Office Excel 2007,2010,2013,2016
# Software Link: https://products.office.com/en-ca/excel
# Date: April 12, 2016
# CVE: CVE-2016-0122 (MS16-042)
# Author: Sébastien Morin from COSIG
# Contact: https://twitter.com/COSIG_ (@COSIG_)
# Personal contact: https://smsecurity.net/; https://twitter.com/SebMorin1 (@SebMorin1)
#######################################################################################
===================
Introduction:
===================
Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X, and iOS. It features calculation, graphing tools, pivot tables, and a macro programming language called Visual Basic for Applications. It has been a very widely applied spreadsheet for these platforms, especially since version 5 in 1993, and it has replaced Lotus 1-2-3 as the industry standard for spreadsheets. Excel forms part of Microsoft Office.
(https://en.wikipedia.org/wiki/Microsoft_Excel)
#######################################################################################
===================
Report Timeline:
===================
2016-02-06: Sébastien Morin from COSIG reported the vulnerability to MSRC.
2016-02-16: MSRC confirmed the vulnerability.
2016-04-12: Microsoft fixed the issue (MS16-042).
2016-04-13: Advisory released.
#######################################################################################
===================
Technical details:
===================
This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file (.xlsm). An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
#######################################################################################
==========
POC:
==========
https://smsecurity.net/wp-content/uploads/2016/04/Microsoft_Office_Excel_Out-of-Bounds_Read_RCE.xlsm
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39694.zip
#######################################################################################