CVE-2016-3278

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.8HIGH

EPSS

24.4%

top 3.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Outlook Microsoft Outlook RT

Timeline

PublishedJul 13

Latest updateMay 14

Description

Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/outlook2010, 2013, 2016+2

▶NVDmicrosoft/outlook_rt2013

🔴Vulnerability Details

GHSA

GHSA-4pr7-5493-phmj: Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Micr↗2022-05-14

▶

CVEList

CVE-2016-3278: Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Micr↗2016-07-13

▶

📋Vendor Advisories

Microsoft

Microsoft Office Memory Corruption Vulnerability↗2016-07-12

▶