CVE-2016-0140Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.8HIGHNVD
EPSS
36.0%
top 2.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft OfficeMicrosoft Office WEB AppsMicrosoft Sharepoint Server
Timeline
PublishedMay 11
Latest updateMay 14

Description

Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDmicrosoft/office2007, 2010+1

🔴Vulnerability Details

2
GHSA
GHSA-xr82-rp9q-jgqf: Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attacker2022-05-14
CVEList
CVE-2016-0140: Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attacker2016-05-11

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2016-05-10

💬Community

1
Bugzilla
CVE-2016-2372 pidgin: MXIT File Transfer Length Memory Disclosure Vulnerability2016-06-22
CVE-2016-0140 — Microsoft Office vulnerability | cvebase