CVE-2016-7265
Published on: 12/20/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:05 PM UTC
Certain versions of Excel from Microsoft contain the following vulnerability:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
- CVE-2016-7265 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.1 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
LOCAL | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | NONE | HIGH |
CVSS2 Score: 5.8 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Microsoft Office CVE-2016-7265 Information Disclosure Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
Microsoft Security Bulletin MS16-148 - Critical | Microsoft Docs | docs.microsoft.com text/html |
![]() |
Microsoft Office Multiple Flaws Let Remote Users Bypass Security, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Users Gain Elevated Privileges - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Microsoft | Excel | 2007 | sp3 | All | All |
Application | Microsoft | Excel | 2010 | sp2 | All | All |
Application | Microsoft | Excel | 2013 | sp1 | All | All |
Application | Microsoft | Excel | 2013 | sp1 | All | All |
Application | Microsoft | Excel | 2016 | All | All | All |
Application | Microsoft | Excel | 2007 | sp3 | All | All |
Application | Microsoft | Excel | 2010 | sp2 | All | All |
Application | Microsoft | Excel | 2013 | sp1 | All | All |
Application | Microsoft | Excel | 2013 | sp1 | All | All |
Application | Microsoft | Excel | 2016 | All | All | All |
Application | Microsoft | Excel Viewer | All | All | All | All |
Application | Microsoft | Excel Viewer | All | All | All | All |
Application | Microsoft | Office Compatibility Pack | All | sp3 | All | All |
Application | Microsoft | Office Compatibility Pack | All | sp3 | All | All |
Application | Microsoft | Sharepoint Server | 2007 | sp3 | All | All |
Application | Microsoft | Sharepoint Server | 2010 | sp2 | All | All |
Application | Microsoft | Sharepoint Server | 2007 | sp3 | All | All |
Application | Microsoft | Sharepoint Server | 2010 | sp2 | All | All |
- cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*:
- cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*:
- cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE