Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0122

CWE-119Buffer Overflow6 documents6 sources
Severity
7.8HIGH
EPSS
39.9%
top 2.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ExcelMicrosoft Word FOR MAC
Timeline
PublishedApr 12
Latest updateMay 14

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/excel4 versions+3
NVDmicrosoft/word2016

🔴Vulnerability Details

2
GHSA
GHSA-94rx-pxvr-752c: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel V2022-05-14
CVEList
CVE-2016-0122: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel V2016-04-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)2016-04-14

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2016-04-12

💬Community

1
Bugzilla
CVE-2016-2379 pidgin: Eavesdropping hashed password when logging2016-08-03
CVE-2016-0122 (HIGH CVSS 7.8) | Microsoft Excel 2007 SP3 | cvebase.io