CVE-2016-7298

Summary

CVE	CVE-2016-7298
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-12-20 06:59:00 UTC
Updated	2018-10-12 22:14:00 UTC
Description	Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Office	2007	sp3	All	All
Application	Microsoft	Office	2010	sp2	All	All
Application	Microsoft	Office	2011	All	mac	All
Application	Microsoft	Office	2016	All	mac	All
Application	Microsoft	Office	2007	sp3	All	All
Application	Microsoft	Office	2010	sp2	All	All
Application	Microsoft	Office	2011	All	mac	All
Application	Microsoft	Office	2016	All	mac	All
Application	Microsoft	Word Viewer	-	All	All	All
Application	Microsoft	Word Viewer	-	All	All	All

References

Reference	Source	Link	Tags
Microsoft Security Bulletin MS16-148 - Critical \| Microsoft Docs	MS	docs.microsoft.com
Microsoft Office Multiple Flaws Let Remote Users Bypass Security, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Users Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Microsoft Office CVE-2016-7298 Memory Corruption Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.