{"api_version":"1","generated_at":"2026-04-23T08:13:21+00:00","cve":"CVE-2016-3235","urls":{"html":"https://cve.report/CVE-2016-3235","api":"https://cve.report/api/cve/CVE-2016-3235.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-3235","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-3235"},"summary":{"title":"CVE-2016-3235","description":"Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2016-06-16 01:59:36","updated_at":"2026-04-22 16:31:41"},"problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS16-070 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/538685/100/0/threaded","name":"http://www.securityfocus.com/archive/1/538685/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html","name":"https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"Microsoft Visio multiple DLL side loading vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1036093","name":"http://www.securitytracker.com/id/1036093","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Microsoft Office Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2016/Jun/32","name":"http://seclists.org/fulldisclosure/2016/Jun/32","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","Broken Link"],"title":"Full Disclosure: Microsoft Visio multiple DLL side loading vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html","name":"http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Visio DLL Hijacking ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-3235","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3235","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2021-11-03T00:00:00.000Z","lang":"en","value":"CVE-2016-3235 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"3235","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visio","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3235","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visio","cpe6":"2010","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3235","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visio","cpe6":"2013","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3235","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visio","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3235","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visio_viewer","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3235","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visio_viewer","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2016","cve_id":"3235","cve":"CVE-2016-3235","vendorProject":"Microsoft","product":"Office","vulnerabilityName":"Microsoft Office OLE DLL Side Loading Vulnerability","dateAdded":"2021-11-03","shortDescription":"Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-05-03","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2016-3235","cwes":"CWE-264","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:11"},"epss":{"cve_year":"2016","cve_id":"3235","cve":"CVE-2016-3235","epss":"0.815640000","percentile":"0.991840000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T23:47:58.303Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"},{"name":"MS16-070","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"},{"name":"20160615 Microsoft Visio multiple DLL side loading vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/538685/100/0/threaded"},{"name":"1036093","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1036093"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"},{"name":"20160615 Microsoft Visio multiple DLL side loading vulnerabilities","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2016/Jun/32"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2016-3235","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-10T16:47:23.538864Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2021-11-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"description":"CWE-noinfo Not enough information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-21T23:55:51.339Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235"}],"timeline":[{"lang":"en","time":"2021-11-03T00:00:00.000Z","value":"CVE-2016-3235 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-06-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"},{"name":"MS16-070","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"},{"name":"20160615 Microsoft Visio multiple DLL side loading vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/538685/100/0/threaded"},{"name":"1036093","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1036093"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"},{"name":"20160615 Microsoft Visio multiple DLL side loading vulnerabilities","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2016/Jun/32"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2016-3235","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html","refsource":"MISC","url":"https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html"},{"name":"MS16-070","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070"},{"name":"20160615 Microsoft Visio multiple DLL side loading vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/538685/100/0/threaded"},{"name":"1036093","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1036093"},{"name":"http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html"},{"name":"20160615 Microsoft Visio multiple DLL side loading vulnerabilities","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2016/Jun/32"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2016-3235","datePublished":"2016-06-16T01:00:00.000Z","dateReserved":"2016-03-15T00:00:00.000Z","dateUpdated":"2025-10-21T23:55:51.339Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-06-16 01:59:36","lastModifiedDate":"2026-04-22 16:31:41","problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"387D78BD-2368-4525-BFC2-52149585E1F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*","matchCriteriaId":"ED0408B6-4FB5-45E9-AD27-301FC383152D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*","matchCriteriaId":"89229922-0836-4CC2-AED2-107C3142D0EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio_viewer:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"4E480F86-60A0-4662-9262-CBC94C62A8F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*","matchCriteriaId":"B063DF85-AF5F-484B-AB6F-7B51FC42189F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"3235","Ordinal":"1","Title":"CVE-2016-3235","CVE":"CVE-2016-3235","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"3235","Ordinal":"1","NoteData":"Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\"","Type":"Description","Title":"CVE-2016-3235"},{"CveYear":"2016","CveId":"3235","Ordinal":"2","NoteData":"2016-06-15","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"3235","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}