CVE-2016-7264

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.1HIGH

EPSS

11.3%

top 6.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel FOR MAC

Timeline

PublishedDec 20

Latest updateMay 14

Description

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

▶NVDmicrosoft/excel2007, 2011, 2016+2

🔴Vulnerability Details

GHSA

GHSA-6mcm-xc38-6p28: Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sen↗2022-05-14

▶

CVEList

CVE-2016-7264: Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sen↗2016-12-20

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Information Disclosure Vulnerability↗2016-12-13

▶