cbcvebase.
CVE-2016-3235
published 2016-06-16

CVE-2016-3235: Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows…

Priority: P180 high; CVSS 3.1: 7.8
AV:L · AC:L · PR:N · UI:R · S:U · C:H · I:H · A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-05-03
Exploited in the wild
EPSS: 43.43% (98.6th percentile)
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Affected

12 ranges

Vendor      Product                                          Version range   Fixed in
microsoft   visio
microsoft   visio
microsoft   visio
microsoft   visio
microsoft   visio_viewer
microsoft   visio_viewer
msrc        microsoft_visio_2007_service_pack_3
msrc        microsoft_visio_2010_service_pack_2
msrc        microsoft_visio_2013_service_pack_1
msrc        microsoft_visio_2016
msrc        microsoft_visio_viewer_2007_service_pack_3
msrc        microsoft_visio_viewer_2010

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered when a user opens a specially crafted Office document that causes Office to load a malicious DLL via OLE DLL side-loading (improper input validation before loading DLL files)
  • Attack vector is local DLL side-loading; monitor for suspicious DLL loads by Visio or other Office processes (visio.exe, etc.) from non-standard or user-writable directories
  • The vulnerability resides in Microsoft Office OLE (Object Linking & Embedding) DLL handling; monitor for OLE-related DLL loads from Office applications that originate from unexpected paths
  • Successful exploitation results in full remote code execution with the privileges of the logged-in user; monitor for child processes spawned by Office applications (e.g., visio.exe) that perform privilege-escalating actions such as account creation or data modification
  • The update 3115198 is configuration-specific and will not be offered to all Microsoft Office 2010 installations; verify applicability before assuming patch coverage
  • Patch applicability extends beyond explicitly listed products to all Office components sharing the vulnerable OLE DLL; ensure all shared-component Office products are assessed, not just those named in the Affected Software table

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.1      7.8     HIGH       CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           v2.0      9.3     CRITICAL   AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck               7.8     HIGH
cisa                    7.8     HIGH
vendor_msrc             7.8     HIGH