Lucene search

[email protected]NVD:CVE-2016-3279

HistoryJul 13, 2016 - 1:59 a.m.

CVE-2016-3279

2016-07-1301:59:33

CWE-254

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.133

Percentile

95.6%

JSON

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka “Microsoft Office Remote Code Execution Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2010sp2

microsoftexcelMatch2013sp1

microsoftexcelMatch2016

microsoftexcel_rtMatch2013sp1

microsoftofficeMatch2010sp2

microsoftoffice_web_appsMatch2010sp2

microsoftpowerpointMatch2010sp2

microsoftpowerpointMatch2013sp1

microsoftpowerpoint_rtMatch2013sp1

microsoftsharepoint_serverMatch2010sp2

microsoftwordMatch2010sp2

microsoftwordMatch2013sp1

microsoftwordMatch2016

microsoftword_rtMatch2013sp1

VendorProductVersionCPE
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
microsoftexcel2016cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
microsoftexcel_rt2013cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
microsoftpowerpoint2010cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*
microsoftpowerpoint2013cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*
microsoftpowerpoint_rt2013cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2::::::
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1::::::
microsoft	excel	2016	cpe:2.3:a:microsoft:excel:2016:::::::*
microsoft	excel_rt	2013	cpe:2.3:a:microsoft:excel_rt:2013:sp1::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	office_web_apps	2010	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::
microsoft	powerpoint	2010	cpe:2.3:a:microsoft:powerpoint:2010:sp2::::::
microsoft	powerpoint	2013	cpe:2.3:a:microsoft:powerpoint:2013:sp1::::::
microsoft	powerpoint_rt	2013	cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1::::::
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::