CVE-2016-7277Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.6CRITICALNVD
EPSS
5.0%
top 10.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft OfficeMsrc Microsoft Office 2016 Click-to-run FOR 32-bit EditionsMsrc Microsoft Office 2016 Click-to-run FOR 64-bit Editions
Timeline
PublishedDec 20
Latest updateMay 14

Description

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

🔴Vulnerability Details

1
GHSA
GHSA-6f9h-5q62-2mmx: Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "2022-05-14

📋Vendor Advisories

1
Microsoft
Microsoft Office Memory Corruption Vulnerability2016-12-13

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - December 20162016-12-13
Talos
Microsoft Patch Tuesday - December 20162016-12-13