CVE-2016-0056Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-138Improper Neutralization of Special Elements4 documents4 sources
Severity
7.8HIGHNVD
EPSS
24.7%
top 3.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Word
Timeline
PublishedFeb 10
Latest updateMay 14

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/word4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-r3xh-hrgg-6mvr: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote at2022-05-14
CVEList
CVE-2016-0056: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote at2016-02-10

📋Vendor Advisories

1
Red Hat
vim: Lack of validation of values for few options results in code exection2016-11-20
CVE-2016-0056 — Microsoft Office vulnerability | cvebase