CVE-2016-3235
Published on: 06/15/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:02 PM UTC
Certain versions of Visio from Microsoft contain the following vulnerability:
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
- CVE-2016-3235 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 9.3 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
SecurityFocus | www.securityfocus.com text/html | |
Microsoft Office Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTracker | www.securitytracker.com text/html | |
Microsoft Security Bulletin MS16-070 - Critical | Microsoft Docs | docs.microsoft.com text/html | |
Microsoft Visio DLL Hijacking ≈ Packet Storm | packetstormsecurity.com text/html | |
Microsoft Visio multiple DLL side loading vulnerabilities | www.securify.nl text/html | |
Full Disclosure: Microsoft Visio multiple DLL side loading vulnerabilities | seclists.org text/html | |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Microsoft | Visio | 2007 | sp3 | All | All |
Application | Microsoft | Visio | 2010 | sp2 | All | All |
Application | Microsoft | Visio | 2013 | sp1 | All | All |
Application | Microsoft | Visio | 2016 | All | All | All |
Application | Microsoft | Visio Viewer | 2007 | sp3 | All | All |
Application | Microsoft | Visio Viewer | 2010 | All | All | All |
- cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:visio_viewer:2007:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE