CVE-2016-3233Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
7.3HIGHNVD
EPSS
29.8%
top 3.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedJun 16
Latest updateMay 14

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/excel2007, 2010+1

🔴Vulnerability Details

2
GHSA
GHSA-3jhw-x2w4-9xvv: Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office docu2022-05-14
CVEList
CVE-2016-3233: Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office docu2016-06-16

📋Vendor Advisories

1
Microsoft
Microsoft Office Memory Corruption Vulnerability2016-06-14

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - June 20162016-06-14
Talos
Microsoft Patch Tuesday - June 20162016-06-14
CVE-2016-3233 — Microsoft Excel vulnerability | cvebase