CVE-2016-0137 — Microsoft Office vulnerability

CWE-2544 documents4 sources

Severity

3.3LOWNVD

EPSS

6.5%

top 8.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Msrc Microsoft Office 2013 Service Pack 1

Timeline

PublishedSep 14

Latest updateMay 14

Description

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶msrcmsrc/microsoft_office_2013_service_pack_1

▶NVDmicrosoft/office2013, 2016+1

🔴Vulnerability Details

GHSA

GHSA-fpwc-2qp4-xhff: The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted a↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Microsoft APP-V Security Feature Bypass Vulnerability↗2016-09-13

▶

💬Community

Bugzilla

CVE-2016-2369 pidgin: MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability↗2016-06-22

▶