CVE-2016-0057 — Microsoft Office vulnerability

CWE-2646 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 27.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office

Timeline

PublishedMar 9

Latest updateMay 14

Description

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/office4 versions+3

🔴Vulnerability Details

GHSA

GHSA-xr6x-5h2r-x4p8: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - March 2016↗2016-03-08

▶

Talos

Microsoft Patch Tuesday - March 2016↗2016-03-08

▶

💬Community

Bugzilla

CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities↗2016-02-09

▶