CVE-2016-3360

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.8HIGH

EPSS

17.4%

top 4.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Apps Microsoft Office WEB Apps Server Microsoft Powerpoint +2 more

Timeline

PublishedSep 14

Latest updateMay 14

Description

Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmicrosoft/office_web_apps_server2013

▶NVDmicrosoft/powerpoint4 versions+3

▶NVDmicrosoft/office_web_apps2010

▶NVDmicrosoft/sharepoint_designer2013

🔴Vulnerability Details

GHSA

GHSA-vqrv-x3p6-36rh: Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP↗2022-05-14

▶

CVEList

CVE-2016-3360: Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP↗2016-09-14

▶

📋Vendor Advisories

Microsoft

Microsoft Office Memory Corruption Vulnerability↗2016-09-13

▶