CVE-2016-0141 — Sensitive Information Exposure in Microsoft Office

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

7.7%

top 8.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Msrc Microsoft Office 2007 Service Pack 3 Msrc Microsoft Office 2010 Service Pack 2 +2 more

Timeline

PublishedSep 14

Latest updateMay 14

Description

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶msrcmsrc/microsoft_office_2016

▶msrcmsrc/microsoft_office_2007_service_pack_3

▶msrcmsrc/microsoft_office_2010_service_pack_2

▶msrcmsrc/microsoft_office_2013_service_pack_1

▶NVDmicrosoft/office4 versions+3

🔴Vulnerability Details

GHSA

GHSA-v6rf-3vh3-4jf3: The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save opera↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Microsoft Office Information Disclosure Vulnerability↗2016-09-13

▶

💬Community

Bugzilla

CVE-2016-2373 pidgin: MXIT Contact Mood Denial of Service Vulnerability↗2016-06-22

▶